The law firm of BakerHostetler has recently released several free resources of note: EU GDPR Data Breach Notification Interactive Map State Data Breach Notification Law Interactive Map PDF Version of State Data Breach Notification Laws They have also released their annual Data Security Incident Response Report for 2023. Thanks, as always, to Joe Cadillic for…
How 50% of telco Orange Spain’s traffic got hijacked — a weak password
Kevin Beaumont explains: So here’s a funny story. Earlier today, I noticed Orange Spain had an outage, caused by what appeared to be a BGP hijack: […] So, how did it happen? The threat actor accessed Orange’s RIPE account. RIPE look after internet IP addresses, basically the phone book of the internet. From their RIPE…
Personal, pregnancy details of Midwives of Windsor patients breached
CBC reports: A data breach involving email has exposed the personal and pregnancy information of an unknown number of clients of the Midwives of Windsor, CBC News has learned. The breach was reported to Ontario’s Information and Privacy Commissioner months before it was disclosed to clients of the practice. Read more at CBC.
Attorney General James Reaches Agreement with Refuah Health Center to Invest $1.2 Million to Protect Patient Data and Pay $450,000 in Penalties to State
January 5, 2024 NEW YORK – New York Attorney General Letitia James today announced an agreement with a Hudson Valley-area health care provider, Refuah Health Center, Inc. (Refuah), for failing to safeguard the personal and private health information of its patients. The Office of the Attorney General (OAG) found that Refuah failed to maintain appropriate controls to protect and limit access to sensitive data, including by failing to encrypt patient information and using multi-factor authentication. As…
Major Us Museums Suffer Cyberattack Fallout
ArtForum reports: Several US arts institutions were rendered unable to display their collections online after a cyberattack struck a tech service provider used by the museums, the New York Times reports. Among those affected by the breach targeting Gallery Systems, which aids cultural institutions in managing internal documents and displaying works digitally, were the Museum of Fine…
Medical Device Cybersecurity: Agencies Need to Update Agreement to Ensure Effective Coordination — GAO
GAO-24-106683 Published: Dec 21, 2023. Publicly Released: Dec 21, 2023. Highlights: What GAO Found According to the Department of Health and Human Services (HHS), available data on cybersecurity incidents in hospitals do not show that medical device vulnerabilities have been common exploits. Nevertheless, HHS maintains that such devices are a source of cybersecurity concern warranting…