Wale Aliyu reported: Back in school remotely for many schools means back in the fight against hackers. Most of the time they’re remote, but the Tyngsborough school district says it had a hack from someone in person and possibly intentional. It’s not going to be easy for the school to track down the culprit because…
Hackers Share Fairfax County Schools Employees’ SSNs Online
Yesterday, Drew Wilder reported an update to the Fairfax County Public School ransomware incident previously noted on this site: Hackers are sharing more private information after hacking a Virginia public school system’s computer system. Several hundred Fairfax County Public Schools employees’ names and Social Security numbers are now floating around the dark web. That was…
OCR Settles Ninth Investigation in HIPAA Right of Access Initiative
From HHS, yesterday: The Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services (HHS) announces that it has settled its ninth enforcement action in its HIPAA Right of Access Initiative. OCR announced this initiative as an enforcement priority in 2019 to support individuals’ right to timely access to their health…
Community Health Systems settles charges by 28 states over 2014 data breach
It’s been an expensive few weeks for Community Health Systems and CHSPSC. First, a few weeks ago, HHS announced that CHSPSC LLC, (“CHSPSC”) has agreed to pay $2,300,000 to the Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services (HHS) and to adopt a corrective action plan to settle potential…
Office of the Comptroller of the Currency fines Morgan Stanley $60 million for 2016 data breach
Brendan Pedersen reports: Morgan Stanley was slapped with a $60 million fine by regulators Thursday for risk management problems tied to a 2016 data breach. The consent order by the Comptroller of the Currency cited failures at both Morgan Stanley Bank, N.A., and Morgan Stanley Private Bank, N.A. related to the shutdown of two wealth…
Amid an Embarrassment of Riches, Ransom Gangs Increasingly Outsource Their Work
Brian Krebs reports: There’s an old adage in information security: “Every company gets penetration tested, whether or not they pay someone for the pleasure.” Many organizations that do hire professionals to test their network security posture unfortunately tend to focus on fixing vulnerabilities hackers could use to break in. But judging from the proliferation of…