Between 2018 and the end of 2020, DataBreaches published dozens of news reports on municipal breaches involving CentralSquare’s ClicktoGov software. The software allows residents to pay utility bills or other municipal bills online. Now Top Class Actions reports that CentralSquare has agreed to pay $1.9 million to settle litigation by some consumers. Consumers whose credit…
Category: U.S.
Justice Department Seizes and Forfeits Approximately $500,000 from North Korean “Maui” Ransomware Actors and their Conspirators
The Justice Department today announced a complaint filed in the District of Kansas to forfeit cryptocurrency paid as ransom to North Korean hackers or otherwise used to launder such ransom payments. In May 2022, the FBI filed a sealed seizure warrant for the funds worth approximately half a million dollars. The seized funds include ransoms…
In yet another long gap to notification, a covered entity notifies patients of a May 2021 cyberattack
On May 5, 2021, Benson Health in North Carolina (formerly known as Benson Area Medical Center) discovered that it was the target of a cyberattack. According to their notification dated July 7, 2022, they immediately launched an investigation, engaged a law firm specializing in cybersecurity and data privacy, and engaged third-party forensic specialists to assist….
BJC HealthCare settles class action litigation
In May 2020, DataBreaches noted that BJC Healthcare in Missouri was alerting patients to a data breach. The breach had first been discovered on March 6, shortly after three employee email accounts were compromised. At the time of notification, BJC Healthcare reported that investigators were unable to determine if any emails or attachments had actually…
This post provides substitute breach notification to one patient Oregon Health & Science University could not otherwise directly notify
Federal regulations requjire substitute notice when notification by postal mail or other direct means cannot be made, but I cannot recall ever seeing a substitute notice that announced it was only being made for one particular patient. The following was published by the Oregon Health & Science University: On May 16, 2022, a computer belonging…
Treating Healthcare’s Insider Threat
Gabriel Avner writes: There’s an old joke about why bank robbers rob banks. Because that’s where the money is. Given the valuable assets under their care, banks, fintech, insurance, and other financial institutions have understood that they have to take special care to avoid data breaches and other threats. But if the past week’s steady…