Christopher Janaro writes: The prevailing wisdom from cybersecurity experts is that trying to negotiate with ransomware hackers is a bad idea, but on December 30, 2020, one victim broke the rules and gave it a shot. “Help?” they typed into one of the compromised computers. “Hello,” one of the hackers replied. “Are you ready to…
Health Data and Investigations: Between a Rock and a Hard Place
Matt Fisher writes: Demands for medical records can stem from a variety of investigations, which can involve a myriad of sources. The most recent example driving headlines is an investigation involving Vanderbilt University Medical Center (“VUMC”). VUMC disclosed records concerning treatment of transgender patients to the Tennessee Attorney General. According to the Attorney General, an investigation of…
Listing for sale of U.S. Education Department data may not be what you expect
Yesterday, a listing appeared on a popular hacking forum offering data for sale that were reported to be from the US Department of Education (Ed.gov). According to the listing, the leaked information includes: “ID, UserID, UserName, MobileNumber, LevelID, ConsumerID, Type, FeedBack, SubjectID, Subject, Replied, Token, Completed, Date, Updated, Deleted, and Origin” DataBreaches contacted the…
Police officer loses laptop and notebook as he drives along motorway after leaving them on roof of his car in fourth data breach by single police force
Katherine Lawton reports: A police officer lost his laptop and notebook as he drove along the motorway after leaving them on the roof of his car – in the fourth data breach by a single force. The PSNI said it is investigating after a senior officer revealed sections of the lost notebook remain outstanding. Read more…
IL: Morris Hospital discloses breach that Royal claimed responsibility for in May; notifies 248,943
Morris Hospital & Healthcare Centers (Morris Hospital) has issued a notification concerning a cybersecurity incident they discovered on April 4. The incident affects current and former patients of Morris Hospital and current and former employees and their dependents or beneficiaries. According to their explanation, their forensic investigation determined that “just prior to the incident,” data…
Insider-Wrongdoing in the Healthcare Sector
Michelle Del Guercio writes: On June 8, the Health Sector Cybersecurity Coordination Center (“HC3”) published Types of Cyber Threat Actors That Threaten Healthcare. In that publication, they identify five basic types of insider threats: careless or negligent workers malicious insiders inside agents disgruntled employees third parties In 2016, when Protenus and DataBreaches first began collaborating on…