James Wesser reports: Attorney General Josh Shapiro announced on Friday, Dec. 16 a settlement with a graduation memorabilia company after a data security event discovered in April 2021 exposed Pennsylvanians’ private information. “Protecting Pennsylvanians’ personal information and financial data is a key priority of my office,” said AG Shapiro. “Every corporation that does business in…
Category: U.S.
MN: State network data breach has potential impact on some Rochester Public Library users
Post Bulletin reports: Rochester Public Library was notified that one of its library service partners, MNLINK, experienced a data breach on Dec. 15, 2022. Through the random cyber attack, the names and email address of 1,709 Rochester library customers might have been accessed. Read more at Post Bulletin.
CMS Responding to Data Breach at Subcontractor
I cannot remember any other breach where CMS actually issued those affected new Medicare numbers and cards, but it happened in this one: A Centers for Medicare and Medicaid (CMS) subcontractor was the victim of a ransomware attack in October. The full press release follows: The Centers for Medicare & Medicaid Services (CMS) is responding…
HHS Civil Rights Office Enters Settlement with Dental Practice Over Disclosures of Patients’ Protected Health Information
From HHS, resolution of a complaint they received in 2017: The Office for Civil Rights (OCR) has settled with B. Brandon Au, DDS, Inc., d/b/a New Vision Dental (New Vision Dental), in California, over the impermissible disclosure of patient protected health information (PHI) in response to online reviews, and other potential violations of the Health…
Former Twitter employee sentenced to more than three years in prison for spying for Saudi Arabia
Kevin Collier reports: A former Twitter employee found guilty of spying on users on behalf of the Saudi royal family has been sentenced to three and a half years in prison. Ahmad Abouammo, a dual U.S.-Lebanese citizen who helped oversee media partnerships for Twitter in the Middle East and North Africa, was part of a scheme to…
HC3: Analyst Note: LockBit 3.0 Ransomware
Report: 202212121700 LockBit 3.0 Ransomware December 12, 2022 Executive Summary LockBit 3.0 is the newest version of the LockBit ransomware that was first discovered in September 2019. The ransomware family has a history of using the Ransomware-as-a-service (RaaS) model and typically targets organizations that could pay higher ransoms. Historically, this ransomware employs a double extortion…