Lawrence Abrams reports that Roanoke College in Virginia is delaying the start of spring semester while they continue to try to recover from what sounds like a ransomware attack. “On Saturday, Dec. 12, Roanoke College experienced a cyber event which impacts our ability to access files. The College’s IT staff disconnected the College’s network and…
One year later, Saskatchewan government still isn’t sure what data were exfiltrated in cyberattack
Back in June, Canadian news outlets provided an update on a ransomware attack on Saskatchewan’s eHealth system that had occurred on December 20, 2019. Now as the year draws to a close, the government still doesn’t know whether personal information was compromised in the attack. And no, this is not uncommon. It is often very…
Dell Wyse Thin Client scores two perfect 10 security flaws
Thomas Claburn reports: Dell, which pitches its Wyse ThinOS as “the most secure thin client operating system,” plans to publish an advisory on Monday for two security vulnerabilities that are as bad as they could possibly be. CVE-2020-29491 and CVE-2020-29492 are both critical flaws, managing a perfect (although unwelcome) CVSS score of 10 out of…
Vn: Leaky Server Exposes 12 Million Medical Records to Meow Attacker
Phil Muncaster reports: A healthcare technology company leaked 12 million records on patients including highly sensitive diagnoses, before the exposed cloud server was struck by the infamous “meow” attacker, researchers have revealed. A team at SafetyDetectives led by Anurag Sen discovered the leaky Elasticsearch server in late October after a routine IP address scan, although…
OCR Settles Thirteenth Investigation in HIPAA Right of Access Initiative
The Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services (HHS) announces its thirteenth settlement of an enforcement action in its HIPAA Right of Access Initiative. OCR announced this initiative as an enforcement priority in 2019 to support individuals’ right to timely access their health records at a reasonable cost…
Update: Ransomware downed UVM Medical Center systems, but no payment made
Katie Jickling reports: University of Vermont Medical Center’s IT chief revealed Tuesday that it was a ransomware attack that downed the hospital’s online systems in October. Jickling’s article provides a helpful update from what happened to how things are going with restoration. The hit was obviously a serious one, as information on 1,300 servers was encrypted, and the…