James Rundle reports: New York regulators Monday plan to issue cybersecurity regulations for hospitals, after a series of attacks crippled operations at medical facilities. Under draft rules reviewed by The Wall Street Journal, New York will require general hospitals to develop and test incident response plans, assess their cybersecurity risks and install security technologies such…
Time’s up, Sunday edition: Some Jeffco Public Schools data was leaked, some data was put up for sale
As first reported on DataBreaches on Friday, SingularityMD indicated that they would be leaking or selling Jeffco Public Schools data. They followed through. In one thread on a popular hacking forum, they leaked what they claim is a 500 MB csv file for an AD Export from November 2020. The leak contains “includes hashed passwords,…
If entities continue to obfuscate and lie, it’s time to mandate more transparency in breach disclosures
— An OpEd by DataBreaches– When it comes to data breach disclosures, the very same entities who claim to take our privacy and security very, very seriously are generally not being transparent in their breach disclosures. Their refusal to be transparent often results in consumers and patients being left in the dark about the risks…
Was a recent OCR settlement fair? Maybe, but maybe not.
Sometimes you think you did a good job — and sometimes you actually did do a good job compared to everyone else — but someone comes along and says what you did wasn’t satisfactory at all. And when that “someone” is the U.S. Department of Health and Human Services Office of Civil Rights (HHS OCR),…
Michael Garron Hospital confirms some employee and clinician data stolen in cyberattack; Akira claims it stole 882,000 files
As the Toronto Star and CBC first reported last month, Michael Garron Hospital in Toronto has been investigating a cyberattack it discovered on October 23. In its update on October 26, the hospital reported that it was actively investigating what they labeled a “data security incident.” “At this time, there are no known impacts to…
It’s Still Easy for Anyone to Become You at Experian
Brian Krebs reports: In the summer of 2022, KrebsOnSecurity documented the plight of several readers who had their accounts at big-three consumer credit reporting bureau Experian hijacked after identity thieves simply re-registered the accounts using a different email address. Sixteen months later, Experian clearly has not addressed this gaping lack of security. I know that because my account at…