Some state and federal laws provide specific timeframes by which breached entities must provide notice to regulators and to those affected by a data breach. Unfortunately, loopholes abound, as we seen in statutory language such as Minnesota’s breach notification law, where for timing of notification, it says: “The disclosure must be made in the most…
Category: U.S.
Quick note: Two more school districts hit by cyberattacks: Skokie-Morton Grove, Decatur ISD
Brett Callow of Emsisoft notes that LockBit has added Skokie-Morton Grove School District 69 in Illinois to their leak site. No proof of claim was posted and no description of any data allegedly stolen was provided. Elsewhere, The Messenger reports that Decatur ISD in Texas suspects a cybersecurity attack is responsible for the internet and…
Schneck Medical Center settles Indiana Attorney General’s lawsuit over 2021 data breach
Jackson County Schneck Memorial Hospital (Schneck Medical Center) was a victim of a cyberattack in 2021. Its 2021 and 2022 disclosures about the breach and its lack of timely breach notification resulted in a potential class action lawsuit filed in 2022. Its lack of appropriate and timely disclosures and information patients needed to protect themselves…
Rite Aid, one of many victims in MOVEit breach, sued for negligence
Rite Aid was one of numerous entities affected by the massive MOVEit breach. In July, they disclosed that 24,400 patients’ pharmacy information including medication names and dates of fill, prescriber information and limited insurance information was involved. They were notified by their vendor of the breach on May 31. Now it is reportedly being sued,…
Dallas delays release of report that reviews ransomware response
Everton Bailey Jr. reports that if you were hoping to get the promised release of the report on Dallas’s response to the ransomware attack by Royal, you’ll have to wait at least two more weeks. The last council meeting ran late and the council never got to review the report, which needs to happen before…
More than a year later, Lifeline Health Systems notifies 75,000 people of a data breach
Lifeline Health Systems is a HIPAA-covered entity, although not all the data involved in their 2022 breach was protected health information. Some of the data related to employees and family members. But here’s the timeline Lifeline provides in their notification template: On August 6, 2022, we identified unusual network activity. We immediately initiated our incident…