Over on Infosec.Exchange, Wendy Nather mentioned an open letter that is noteworthy for its approach to improving cybersecurity. The letter to presidential candidates’ transition teams, relevant federal agencies, and members of Congress begins: The federal government focuses primarily on cybersecurity as it relates to national security. This priority is essential, but the framing allows many small,…
How many similar breaches can one entity have in one year before regulators do something?
How many data breaches can an entity have before either some regulator steps in with a corrective action plan or something happens to reduce the likelihood of more breaches? Consider the following: Breach # 1 On February 22, 2022, Minuteman Senior Services (MSS) identified suspicious activity related to an employee’s email account. According to the notification…
HHS Office for Civil Rights Settles Ransomware Cybersecurity Investigation for $500,000
A press release from HHS OCR today announces a settlement with Plastic Surgery Associates of South Dakota. In July 2017, DataBreaches reported that the entity was notifying 10,200 patients after a ransomware incident. Today, the U.S. Department of Health and Human Services (HHS), Office for Civil Rights (OCR), announced a settlement with Plastic Surgery…
Summit Pathology Laboratories notified 1.8 million patients of a breach. Less than 48 hours later, they were sued. (1)
On October 18, Summit Pathology and Summit Pathology Laboratories (“Summit”) in Colorado notified HHS of a breach affecting 1,813,538 patients. By October 21, personal injury law firms started reporting on the breach and recruiting potential plaintiffs. On October 22, Karen Alexander became aware that Summit had sent her and her family members notifications to their…
North Korean Group Collaborates with Play Ransomware in Significant Cyber Attack
Ravie Lakshmanan reports: Threat actors in North Korea have been implicated in a recent incident that deployed a known ransomware family called Play, underscoring their financial motivations. The activity, observed between May and September 2024, has been attributed to a threat actor tracked as Jumpy Pisces, which is also known as Andariel, APT45, DarkSeoul, Nickel Hyatt,…
FBI investigated Disney World cyberattack after restaurant menus were changed
Gabrielle Russon reports on your latest reminder of the insider threat: A fired Disney World employee is accused of hacking into an online system and altering Disney World restaurant menus by changing fonts and prices, adding profanity and manipulating the food allergy warnings, according to new federal documents. The cyberattack caused at least $150,000 in damage…