The Everest Ransomware Team has a new post on their leak site: Company has the last 24 hours to contact us using the instructions left.In case of silence, all data will be published More than 1 million personal EMR’s + different internal company documents But was this a new incident or were they just trying…
Category: Subcontractor
Business Associate Agreements Matter: Demystifying the Perceived Simplicity of HIPAA Agreements
Shalyn Watkins of Holland & Knight writes: For most healthcare providers and businesses, signing a Business Associate Agreement (BAA) is a standard practice. When contracting to provide services with an entity governed by the Health Insurance Portability and Accountability Act (HIPAA), it is a requirement that the entity enter into a business associate contract, also…
From the “I Wouldn’t Hold My Breath Department”
We understand why courts issue such injunctions and rulings, but still… PA News Agency reports: Hackers responsible for a cyber attack that led to more than 10,000 NHS appointments being cancelled have been ordered by a High Court judge to “unmask” themselves and return or delete stolen data. Pathology services provider Synnovis was targeted by…
Surgery Center of Mid Florida notifies patients of February ransomware attack
On or about February 21, Surgery Center of Mid Florida (“SCOMF”) experienced a ransomware attack. No group has publicly claimed responsibility for the attack, but it originated with an attack on their now-former IT vendor. The attack on the unnamed vendor gave the attackers access to SCOMF. In August, SCOMF notified regulators, explaining, in part:…
Number of appointments at NHS trusts impacted by cyber attack passes 10,000
The Jersey Evening Post reported: More than 10,000 appointments have been cancelled at the two London NHS trusts that were worst affected by a cyber attack earlier this summer, new figures have revealed. Pathology services provider Synnovis was the victim of a ransomware attack by Russian cyber gang Qilin on June 3. An update from…
UK: Provisional decision to impose £6m fine on software provider Advanced following 2022 ransomware attack
The following statement by the Information Commissioner’s Office concerns a devastating 2022 ransomware attack by LockBit3.0 on Advanced Computer Software Group (“Advanced”), an IT vendor for the UK’s National Health Service (NHS). Here is the ICO’s statement about Advanced: We have provisionally decided to fine Advanced Computer Software Group Ltd (Advanced) £6.09m, following an initial…