Following up on a settlement yesterday that was HHS’s first enforcement action under OCR’s Risk Analysis Initiative, HHS OCR today released a security risk assessment tool. Here is their statement about it: Today, the U.S. Department of Health and Human Services Office for Civil Rights (OCR) and the Assistant Secretary for Technology Policy (ASTP) are…
Fourth Circuit hears oral arguments about the sentencing of Conor Brian Fitzpatrick (aka “Pompompurin”)
On October 29, the Fourth Circuit Court of Appeals heard oral arguments in the government’s appeal of Conor Brian Fitzpatrick’s sentence. At issue was whether District Court Judge Leonie M. Brinkema had abused her discretion in sentencing Fitzpatrick and whether her sentence was “substantively unreasonable.” Judges have discretion in sentencing and courts are often reluctant…
FBI has conducted more than 30 disruption operations in 2024
Christian Vasquez reports: The FBI is seeing progress in the fight against ransomware gangs after conducting more than 30 disruption operations this year in which officials targeted the infrastructure used by those groups, one of the bureau’s top cybersecurity officials said Wednesday. Cynthia Kaiser, deputy assistant director of the FBI’s cyber division, said during CyberScoop’s…
No: Administrative fine issued to Grue municipality under GDPR
The Norwegian data protection authority (Datatilsynet) has imposed an administrative fine of NOK 250,000 [USD $22,669.69] on Grue municipality for breach of GDPR requirements. They explain: Personal data that should have been confidential was made available to unauthorised persons in the municipality’s public records. This constitutes a breach of the municipality’s duty to ensure adequate…
Today’s reminder of the insider threat: LG Electronics USA
From a notification sent to the New Hampshire Attorney General’s Office by external counsel for LG Electronics U.S.A. (LGEUS): Earlier this month, in the course of investigating certain matters relating to a recent resignation by a (now former) Payroll Manager at LGEUS, the Company determined that the former employee — during the course of their…
HHS Office for Civil Rights Settles HIPAA Ransomware Cybersecurity Investigation for $90,000
HHS OCR announced a second ransomware investigation settlement today. This one involved Bryan County Ambulance Authority (BCAA), a provider of emergency medical services in Oklahoma. The Bryan County Ambulance Authority breach occurred in November 2021, but was only first reported to HHS on May 18, 2022. It affected 14,273 patients. HHS’s press release (below) notes…