Legacy data and servers have bitten another entity. Kudos to Addison Northwest School District (ANWSD), though, for the clarity of their public notice, linked prominently from their home page. Their notice: We want to inform our community about a recent cybersecurity incident involving Addison Northwest School District (ANWSD). During an investigation into a breach affecting…
Category: U.S.
DOJ confirms arrested US Army soldier is linked to AT&T and Verizon hacks
Zack Whittaker reports: U.S. prosecutors have formally linked the arrest of a serving U.S. Army soldier in December to a massive theft of U.S. phone records from AT&T and Verizon last year. Authorities arrested Cameron John Wagenius, a U.S. Army communications specialist, in Texas on December 20 following a brief two-page grand jury indictment accusing the U.S….
HHS Office for Civil Rights Settles HIPAA Ransomware Cybersecurity Investigation for $10,000
Settlement with Northeast Surgical Group marks OCR’s 10th ransomware enforcement action and 4th enforcement action in OCR’s Risk Analysis Initiative. Today the U.S. Department of Health and Human Services (HHS), Office for Civil Rights (OCR) announced a settlement with Northeast Surgical Group, P.C. (NESG), a provider of surgical services in Michigan, for a potential violation…
FTC Takes Action Against GoDaddy for Alleged Lax Data Security for Its Website Hosting Services
Proposed order will prohibit GoDaddy from misleading customers about its security protections and require it to establish a robust information security program January 15, 2025 The Federal Trade Commission will require web hosting company GoDaddy to implement a robust information security program to settle charges that the company failed to secure its website-hosting services against…
New York Modifies Data Breach Law Heading Into 2025
Liisa M. Thomas and Kathryn Smith of Sheppard Mullin write: As 2024 came to a close, New York Gov. Hochul signed two bills (A8872A and S2376B) amending New York’s data breach law. The modifications change both what constitutes personal information under the law, as well as modifying notification timing. The notice modification is now in effect; the…
ConnectOnCall breach exposes health data of over 910,000 patients
Sergiu Gatlan reports: Healthcare software as a service (SaaS) company Phreesia is notifying over 910,000 people that their personal and health data was exposed in a May breach of its subsidiary ConnectOnCall, acquired in October 2023. ConnectOnCall is a telehealth platform and after-hours on-call answering service with automated patient call tracking for healthcare providers. “On…