5News reports that an Arkansas county has been hit by a cyberattack, although the details are not yet clear: According to Crawford County Judge Dennis Gilstrap, a cyberattack was discovered at the County Assessors office on Monday, Dec. 27. Gilstrap said he is not exactly sure of the correct phrasing but employees discovered files missing…
Category: Subcontractor
VPN Solutions LLC suffered a ransomware attack two months ago. Some clients still can’t access patient data hosted on the service.
It appears that a ransomware incident involving VPN Solutions LLC may have affected a number of covered entities, although so far, DataBreaches.net has only identified two confirmed cases: Surgery Group SC On December 17, Surgery Group SC in Illinois notified HHS about an incident impacting 500 patients. DataBreaches.net interprets that 500 number as a marker…
MA: Northeastern Cancels Vaccination Clinics After Third-Party Information Leak
Jay Willett reports: COVID-19 vaccination clinics scheduled on Northeastern University’s Boston campus have been cancelled following the discovery of registrants’ personal information being exposed by Pelmeds, a third-party vaccine provider. In a statement shared with WBZ NewsRadio, Northeastern said that the information was present on Pelmeds’ website. “As soon as the university became aware of…
Ransomwared payroll provider leaks data on 38,000 Australian government workers
Simon Sharwood reports: Personal information describing names, addresses, bank account details, and taxation IDs of 38,000 Australian government employees has been leaked to the dark web after a ransomware attack. The treasurer of the Australian State of South Australia, Rob Lucas, today revealed the source of the leak: outsourced payroll provider Frontier Software. Read more at The…
Vendors and HIPAA
Matt Fisher of Carium writes: An important part of establishing strong security for an organization rests with how it interacts with its vendors. The creation of a chain of entities creating, interacting with, storing, or otherwise handling sensitive patient information starts at the top, but can easily and frequently go down many layers. Given the…
Polish DPA: Bank Millennium fined 80,000 EUR for failure to notify the breach and the data subjects about the incident
22 November 2021 Background information Date of final decision: 14 October 2021 Cross-border case or national case: National case Controller: Bank Millennium S.A. Legal Reference: Notification of a personal data breach to the supervisory authority (Article 33(1)), Communication of a personal data breach to the data subject (Article 34(1)) Decision: Infringement of the GDPR, fine…