HIPAA Journal reminds us all that states can require notification to the state of breaches that are also covered by HIPAA and can take enforcement action if they are not reported: Recently, there have been several instances where the California DOJ has not been notified about ransomware attacks on California healthcare facilities, even though the…
Category: U.S.
Fresno Unified School District notifying people after discovering backup device with names and SSNs was missing
The Fresno Unified School District experienced a breach when they discovered in March that specific storage media used to perform computer backups was missing from storage. According to their notification to the California Attorney General’s Office, the missing storage media contained names and Social Security numbers. The notification does not mention whether this was just employee…
La Puente man impersonated Apple customer support to steal 620,000 iCloud photos in plot to find images of nude women
Michael Finnegan reports: A Los Angeles County man broke into thousands of Apple iCloud accounts and collected more than 620,000 private photos and videos in a plot to steal and share images of nude young women, federal authorities say. Hao Kuo Chi, 40, of La Puente, has agreed to plead guilty to four felonies, including…
Internal emails raise questions about government’s investigation into Walgreens privacy breach
I am so glad to see a follow-up on this case because I had the same questions about how and why Walgreens did not suffer the same federal penalties as CVS and Rite Aid for the same infringement of HIPAA. My original coverage of this breach is no longer online as the former version of…
AZ: 200 Kingman residents affected by city’s cyber attack; cause still not determined
AP reports: A recent investigation into a massive cyberattack against the city of Kingman shows that up to 200 residents had their personal information breached, yet the city still can’t explain how their system was infiltrated. Kingman city officials said the completed investigation revealed that a “limited number” of residents’ information were affected by the…
FBI sends its first-ever alert about a ‘ransomware affiliate’
Catalin Cimpanu reports: The US Federal Bureau of Investigations has published today its first-ever public advisory detailing the modus operandi of a “ransomware affiliate.” A relatively new term, a ransomware affiliate refers to a person or group who rents access to Ransomware-as-a-Service (RaaS) platforms, orchestrates intrusions into corporate networks, encrypt files with the “rented ransomware,”…