NIST SP 1800-24 OCR is sharing the National Cybersecurity Center of Excellence’s (NCCoE) at the National Institute for Standards and Technology (NIST) SP 1800-24, Securing Picture Archiving and Communication System (PACS): Cybersecurity for the Healthcare Sector. This practice guide can help HIPAA covered entities and their business associates implement current cybersecurity standards and best practices to…
Category: U.S.
WA: City of Ellensburg is the victim of a ransomware cyberattack
Dylan Carter reports that the city confirms it is the victim of a ransomware attack. The type of ransomware has not been named publicly, nor the amount of any ransom demand. The majority of the City of Ellensburg’s network drives and data cannot be accessed. With that being the case, all city departments are being…
Huntsville City School warns parents that personal info may have been stolen in ransomware attack
On December 1, Huntsville City Schools shut down classes for the day due to a ransomware threat. Now, after three weeks of investigating the situation, the district is warning parents about personal information being compromised in the attack. Megan Reyna of WAAY31 reports: School leaders say it is possible social security numbers and email addresses…
TennCare announces privacy breach impacting 3,300 members
WKRN reports: TennCare, Gainwell Technologies LLC, and Axis Direct, Inc. announced a privacy breach impacting certain TennCare members in a joint statement on Monday. According to the statement, around 3,300 Medicaid members in the state of Tennessee have been notified of a privacy issue that may have impacted their health information. Gainwell, which runs the…
Ransomware threat actors dump data from yet another k-12 district
The past few days have not been great ones for k-12 districts. As this site reported, DoppelPaymer ransomware threat actors recently dumped data from both Pascagoula-Gautier School District in Mississippi and Gardiner Public Schools in Montana. Now a third school district has also had some of their data dumped. On December 14, this site had…
Federal Financial Agencies Propose Requirement for Computer Security Incident Notification
A press release from the FDIC on December 18: Federal financial regulatory agencies today announced a proposal that would require supervised banking organizations to promptly notify their primary federal regulator in the event of a computer security incident. In particular, alerts would be required for incidents that could result in a banking organization’s inability to…