In February 2017, Google and the State of Iowa were the target of multiple phishing email campaigns. The Office of the Chief Information Officer (OCIO) and the Iowa Veterans Home jointly responded and coordinated the recovery of the incident and worked together to implement additional measures to prevent a similar occurrence in the future. We…
Category: Phishing
Cleveland Metropolitan School District discloses phishing-related incident
Cleveland Metropolitan School District, (“CMSD”), recently discovered an event that that may affect the security of personal and financial information of a select group of employees, students, their guardians, and/or other affiliates of CMSD. What Happened? On March 6, 2017, CMSD determined that certain categories of employee, student, and/or guardian information contained in a limited…
Metro Community Provider Network settles HHS breach charges for $400,000 and corrective action plan
HHS announced another settlement today. This one stemmed from a 2011 incident that was previously covered on this site. Once again, the take-home message is that you need to do a risk assessment, and you need a risk management plan commensurate with your risk assessment. In this case, there was no prior risk assessment, and…
Phishing scam diverts more than $40K from Denver Public Schools
Michael Konopasek reports: A computer hacking scam has made $40,000 of direct deposit money for Denver Public Schools employees disappear. Internet thieves are suspected of stealing the funds that were intended to pay the school district staff Read more on Fox31. Sadly, it appears that despite the district’s training/awareness efforts, at least 30 employees fell…
Virginia Adds Notification Requirements for Payroll Incidents to Breach Law
Liisa M. Thomas, Robert H. Newman, and Eric J. Shinabarger of Winston Strawn LLP write: With little fanfare, Virginia recently amended its data breach notification law, requiring employers and payroll service providers to notify the Virginia Attorney General if they are subject to a W2 phishing scam. More specifically, the law requires that they notify…
Washington University School of Medicine hit by phishing attack, patient info may have been accessed
KSDK reports: A third party may have gained unauthorized access to patient information — including names, birth dates and social security numbers — after a phishing attack at Washington University’s medical school. A post on the Washington University School of Medicine website said an employee fell for a phishing email designed to look like an official request…