The Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services (HHS) announces its eleventh settlement of an enforcement action in its HIPAA Right of Access Initiative. OCR announced this initiative as an enforcement priority in 2019 to support individuals’ right to timely access to their health records at a reasonable…
AU: Newcastle Grammar School Targeted In Cyber Attack
Ian Crouch reports: Newcastle Grammar School has been the target of a cyber attack by criminals. School officials became aware of the attack at the weekend, with ransomware used to encrypt and destroy part of the school’s IT network. Fairfax reports the perpetrators have tried to extort money from the school to unlock the damage….
“Email Appender” Implants Malicious Emails Directly Into Mailboxes
As if we didn’t have enough breaches that start by compromising an employee’s email account, now there’s more to worry about. Imagine that despite training your employees to be careful, and despite using updated AV or other software to detect nasties, a threat actor could deliver malware-laden emails directly into your employees’ inboxes. Will employees…
Pell City notifies residents of vendor breach
On September 20, this site noted a breach impacting some residents of Pell City, Alabama. At that time, there were many unanswered questions based on the little the city had disclosed. Now they have published a press release that reveals that the breach involved their vendor, Technology Management Resources (TMR). The TMR breach had been…
Breach Lawsuit Spotlights Complex Vendor Issues
Marianne Kolbasuk McGee reports on a lawsuit that stems from a breach first reported on this site in March, 2019. She reports: A medical device maker has sued an IT vendor in the wake of an email server migration mishap that exposed the health data of more than 277,000 individuals. The case illustrates the complexities…
More drama on a forum, and a slew of new databases dumped
It looks like the threat actor known as ShinyHunters was active again. It also looks like there was some drama about a sale of databases that was supposed to be exclusive but wasn’t, and databases and links to databases getting dumped. What databases, you wonder? Well, BleepingComputer reports on the Animal Jam database, and there…