A reminder of the insider threat: A former NHS employee has been found guilty and fined for illegally accessing the medical records of over 150 people. Loretta Alborghetti, from Redditch, worked as a medical secretary within the Ophthalmology department at Worcestershire Acute Hospitals NHS Trust when she illegally accessed the records. In June 2019, a…
Does claiming you were hacked when you had really just screwed up violate the FTC Act?
On November 12, DataBreaches published an OpEd, If entities continue to obfuscate and lie, it’s time to mandate more transparency in breach disclosures. Today, we post another example of why we need to legislate and enforce data breach notification laws that prohibit deceptive statements and mandate more disclosure when data has been leaked. This week,…
CEOs of Ontario hospitals hit by ransomware attack provide updates on impact and look for no ransom payment legislation
Jennifer LaGrassa reports: For the first time, top leadership from the five southwestern Ontario hospitals hit by a ransomware attack answered questions from the media — acknowledging the significant impact the incident has had on care, as well as the large amount of stolen data. During the roughly 50-minute meeting on Friday, each hospital CEO said their…
NoEscape gang continues to use DDoS to pressure reluctant victims to negotiate
Over on SuspectFile, Marco A. De Felice reports that the NoEscape ransomware gang is threatening to release 1.5 TB of data from PruittHealth Network. De Felice was unable to obtain any statements or responses from either PruittHealth or the threat actors, but notes that the threat actors claim to have attacked Pruitt on November 13…
Long Beach Declares ‘Local Emergency’ After Cyber Incident
Industry Insider reports: At a special meeting Friday afternoon, members of the Long Beach City Council approved City Manager Tom Modica’s Proclamation of Local Emergency following a “potential cybersecurity incident” earlier in the week. The city said in a news release the move would help smooth and strengthen its response to the event, which happened Tuesday….
Was Yakima Valley Radiology the victim of a cyberattack? They’re not answering that.
On September 24, Karakurt threat actors added Yakima Valley Radiology PC to their leak site. Their listing claimed that they acquired 9.31 GB of files including “financial reports, client lists with contacts, list of patients for 15 years (212579 rows), a database of social security numbers (including staff, doctors) with 766000 rows.” Karakurt did not…