Zach Clemens reports that Estes Park Health suffered a ransomware attack on June 2. No data was exfiltrated, but it was locked up, and after consulting with their cyberinsurer and IT people, they decided that they had to pay the ransom. “At that point in time we are looking at the patients we have internally,…
Three U.S. Universities Disclose Data Breaches Over Two-Day Span
Sergiu Gatlan reports: Three U.S. universities have disclosed data breach incidents impacting personally identifiable information of students or employees following unauthorized access to some of their employees’ email accounts. All three universities — Graceland University, Oregon State University, and Missouri Southern State University — have notified the individuals whose personal information was potentially stolen or…
OH: N.E.O. Urology pays attackers $75,000 after ransomware attack
Corey Vallas reports N.E.O. Urology in Boardman, Ohio paid attackers $75,000 after their computer systems were encrypted by ransomware. Police say the fax listed “Pay4Day.io” as the contact for further information. Read more on WFMJ. There is no notice on the medical practice’s web site as of the time of this posting, but it’s interesting…
Maryland Amends Data Breach Law
Hunton Andrews Kurth writes: Maryland Governor Larry Hogan recently signed into law House Bill 1154 (the “Bill”), which amends the state’s data breach notification law. Among other obligations, the amendments expand the required actions a business must take after becoming aware of a data security breach. Under the existing data breach notification law, a business…
$27K in restitution ordered for man who hacked Palo Alto Online
Sue Dremann reports the follow-up on a hack that occurred in 2015 and that was previously reported on this site. The 36-year-old man who hacked and temporarily shut down Palo Alto Online and other Embarcadero Media websites nearly four years ago was sentenced Wednesday in San Jose federal court to time already served, one-year of…
Hacker hits Symantec and accesses passwords
Mark Wyciślik-Wilson reports: Security firm Symantec was attacked by a hacker back in February, but the company did not reveal details of the incident. The attack has been brought to light by Guardian Australia which has seen some of the data extracted by hackers. This comprises not only passwords, but what is thought to be…