Marianne Kolbasuk McGee reports: Tens of thousands of documents containing personal information of special education students within New York City’s public school system were held in an unsecured database exposed to the internet. Researcher Jeremiah Fowler of security services firm Security Discovery told Information Security Media Group he found the unsecured database in mid-February and…
Category: Subcontractor
What is the cost of not purging data or moving it offline, Sunday edition
Maybe one day, a law or regulation will require entities to purge old data that is no longer needed or requires it to be disconnected from the internet. If anyone needs a fresh example of why we need that type of law or regulation, here it is: Richard T. Miller, DMD, PC, d/b/a Great Neck/Mid…
Hitachi Energy Latest Victim of Clop GoAnywhere Attacks
Prajeet Nair reports: Hitachi Energy joined the ranks of victims hit by the Clop ransomware group, which has exploited a zero-day vulnerability in Fortra’s widely used managed file transfer software, GoAnywhere MFT. Clop claimed responsibility for the hack, which compromised networks used by 130 different organizations. Read more at BankInfoSecurity.
Patient’s ’embarrassing’ private health information posted to Facebook after breach
Tori Gaines reports: A woman has reported that the results of her test for sexually transmitted diseases were posted to Facebook after a worker at a California hospital gained access to her medical records, according to a complaint shared by her attorney. There’s a lot to consider about this case. From the reporting, it appears…
NBA alerts fans of a data breach exposing personal information
Sergiu Gatlan reports: The NBA (National Basketball Association) is notifying fans of a data breach after some of their personal information, “held” by a third-party newsletter service, was stolen. “We recently became aware that an unauthorized third party gained access to, and obtained a copy of, your name and email address, which was held by…
Jelly Bean Communications Design and its Manager Settle False Claims Act Liability for Cybersecurity Failures on Florida Medicaid Enrollment Website
There’s an update to the Florida Healthy Kids breach that was due to their vendor, Jelly Bean Communications, not patching vulnerabilities for seven years. The incident was reported to HHS in January 2021 as impacting 3.5 million patients. Today, the U.S. Department of Justice announced: Jelly Bean Communications Design LLC (Jelly Bean) and Jeremy Spinks…