The following is a press release from HHS OCR concerning a settlement stemming from a March 2017 ransomware attack experienced by Cascade Eye & Skin Centers in Washington. DataBreaches was not previously aware of this incident and can find no news coverage of it at the time nor any entry on HHS’s public breach tool…
Category: U.S.
Failure to Safeguard, Two Cyber Intrusions, and an $850,000 SEC Settlement
Melissa Pascualini of JacksonLewis writes: … In a recent settlement agreement with the SEC, a New York-based registered transfer agent, Equiniti Trust Company LLC, formerly known as American Stock Transfer & Trust Company LLC, agreed to pay $850K to settle charges that it failed to assure client securities and funds were protected against theft or…
Joint ODNI, FBI, and CISA Statement
September 18, 2024 – Today, the Office of the Director of National Intelligence (ODNI), the Federal Bureau of Investigation (FBI), and the Cybersecurity and Infrastructure Security Agency (CISA) released the following statement: Since the 19 August 2024 joint ODNI, FBI, and CISA public statement on Iranian Election Influence Efforts, the FBI has learned additional details about Iran’s…
Sea-Tac refuses to pay 100-bitcoin ransom after August cyberattack
Elise Takahama reports: The hackers behind last month’s cyberattack on Seattle-Tacoma International Airport are demanding a 100-bitcoin ransom — about $6 million — for stolen data, though just how much information was accessed, and what kind, is still unclear. During a Wednesday morning hearing with the U.S. Senate’s Commerce, Science and Transportation Committee, the airport’s aviation managing director, Lance…
New Data Breach Notification Obligations for Pennsylvania – and a New Reporting Portal
Liisa M. Thomas, Kathryn Smith of Sheppard, Mullin, Richter & Hampton LLP write: Pennsylvania AG Michelle Henry announced yesterday the launch of an online portal for businesses to report data breaches to the AG’s office. The portal launch comes before Pennsylvania’s new breach amendments take effect on September 26, 2024. One of the amendments will require businesses to report…
Everything old is new again, part 2: Was U.S. Dermatology Partners hit twice within months?
Earlier today, DataBreaches reported that MCNA Dental allegedly suffered a cyberattack involving patient data. According to the threat actor who claimed responsibility for the attack (Everest Ransom Team), this incident was totally unrelated to a February 2023 ransomware attack by LockBit that was supposedly leaked in April 2023. In May 2023, MCNA Dental reported that…