Marco A. De Felice of SuspectFile is my brother by another mother. We don’t speak the same language, and we wouldn’t know each other if we passed on a street, but he has the same genetic disorder that I have: a determination to uncover information that breached entities try to bury or ignore. Since 2020,…
Category: Of Note
Experts Fear Crooks are Cracking Keys Stolen in LastPass Breach
Uh oh. Brian Krebs reports: In November 2022, the password manager service LastPass disclosed a breach in which hackers stole password vaults containing both encrypted and plaintext data for more than 25 million users. Since then, a steady trickle of six-figure cryptocurrency heists targeting security-conscious people throughout the tech industry has led some security experts…
FTC Finalizes Order with 1Health.io Over Charges it Failed to Protect Privacy and Security of DNA Data and Unfairly Changed its Privacy Policy
The Federal Trade Commission finalized an order with 1Health.io that settles charges that the genetic testing firm left sensitive genetic and health data unsecured, deceived consumers about their ability to get their data deleted, and changed its privacy policy retroactively without adequately notifying consumers and obtaining their consent. In a complaint first announced in June 2023, the…
Insights From The IBM 2023 Cost of a Data Breach Report
Joseph J. Lazzarotti of JacksonLewis writes: The annual Cost of a Data Breach Report (Report) published by IBM is reliably full of helpful cybersecurity data. This year is no different. After reviewing the Report, we pulled out some interesting data points: Is it beneficial to involve law enforcement in a ransomware attack? According to the Report, organizations…
HHS Security Risk Assessment Tool Version 3.4 and Webinars
From HHS OCR: The Office for Civil Rights (OCR) and the Office of the National Coordinator for Health Information Technology (ONC) at the U.S. Department of Health and Human Services (HHS) are hosting two webinars for the release of version 3.4 of the Security Risk Assessment (SRA) Tool. This tool is designed to aid small…
Developing: Hospital Sisters Health System and Prevea Health hit by cyberattack
Yesterday, DataBreaches received a phone call from an employee at St. Vincent Hospital in Green Bay, Wisconsin. The employee was asking if we knew anything about a cyberattack on Hospital Sisters Health System (HSHS) and stated that everything had been down for two days but the employees were not really being given information other than…