From a press release from the NYS Attorney General’s Office today: New York Attorney General Letitia James today secured $350,000 from a Long Island-based home health care company, Personal Touch Holding Corporation (Personal Touch), for failing to protect vulnerable New Yorkers’ personal information and health care data. Personal Touch’s poor data security made it vulnerable to…
Category: U.S.
UPDATE: D.C. Board of Elections data breach contained fewer than 4,000 D.C. voters’ data
On October 6, DataBreaches reported a breach allegedly containing more than 600,000 lines of data on registered voters in D.C., where, according to the threat actors who listed it, each line represented one voter’s records. Although there may have been 600k lines of data as previously reported, the D.C. Board of Elections released a statement…
Inmediata settles multi-state litigation for $1.14 million; will improve data security and breach notification practices
Indiana Attorney General Rokita led a coalition of 33 attorneys general in a multi-state investigation and litigation against health care clearinghouse Imnediata stemming from a breach disclosed in 2019. Background In January 2019, HHS OCR alerted Inmediata that protected health information (PHI) maintained by Inmediata was available online and had been indexed by search engines….
KwikTrip all but says IT outage was caused by a cyberattack
Lawrence Abrams reports: Kwik Trip has released another statement on an ongoing outage, all but confirming it suffered a cyberattack that has led to IT system disruptions. Kwik Trip is a US chain of over 800 convenience stores and gas stations in Michigan, Minnesota, and Wisconsin, also operating under the name Kwik Star in Illinois,…
Henry Schein Inc. discloses cyberattack
Newsday reports: Henry Schein Inc., Long Island’s largest publicly traded company, said that a “cybersecurity incident” it discovered Saturday affected some of its manufacturing and distribution businesses. “Henry Schein promptly took precautionary action, including taking certain systems offline and other steps intended to contain the incident, which has led to temporary disruption of some of Henry…
Oklahoma City University data breach lawsuit dismissed
Jessy Edwards and Jon Styf provide an update to a previously reported class action lawsuit against Oklahoma City University: A judge dismissed an Oklahoma City University class action lawsuit regarding a data breach, saying the plaintiff did not show any injury or identity theft as a result of the breach. U.S. District Judge Timothy G….