Richard Montenegro Brown and Jayson Barniske report: Imperial Valley College releases a brief press statement with some additional information.) A ransomware attack unleashed on Imperial Valley College’s computer system on Aug. 6 brought down critical systems that remained offline and will likely continue until further notice, a college spokesperson confirmed. Read more on Calexico Chronicle.
SANS infosec training org suffers data breach after phishing attack
Lawrence Abrams reports: The SANS cybersecurity training organization has suffered a data breach after one of their employees fell victim to a phishing attack. […] In a notification posted to their site today, SANS states that one of their employees fell for a phishing attack that allowed a threat actor to gain access to their…
Germany Prepares New Law for Patient Data Protection and Increased Digitalisation in Healthcare and for “Data Donations” for Research Purposes
Dr. Adem Koyuncu and Valerie Mei of Covington & Burling write: On 3 July 2020, the German parliament passed a draft bill (German language) for patient data protection and for more digitalisation in the German healthcare system (Patientendaten-Schutz-Gesetz). The draft bill is currently in the legislative procedure and is expected to enter into force in…
Security researcher publishes details and exploit code for a vBulletin zero-day
Catalin Cimpanu reports: A security researcher has published details and proof-of-concept exploit code for a zero-day vulnerability in vBulletin, one of today’s most popular forum software. The zero-day is a bypass for a patch from a previous vBulletin zero-day — namely CVE-2019-16759, disclosed in September 2019. Read more on ZDNet. Lawrence Abrams of BleepingComputer has…
Ashley County Medical Center investigates former employee accused of violating federal privacy laws
Gabrielle Phifer reports: Ashley County Medical Center is investigating a former employee they claim inappropriately viewed medical records of 772 patients. According to a release, ACMC’s policy and procedures revealed that a former employee, who has been identified as a nurse, accessed some patient information for purposes unrelated to care and treatment. Based on investigations…
Three more medical practices hit by ransomware
Atlanta does not seem to be a safe place for cybersecurity of orthopedic patients’ data. In 2016, orthopedic clinics in Atlanta got clobbered by two big breaches involving thedarkoverlord. The first was a hack and extortion demand on Athens Orthopedic Clinic, an organization that had more than a dozen locations but somehow didn’t have enough…