Ah. I was waiting for an explanation of an entry in HHS’s breach tool about a Long Island chiropractic practice incident that impacted 1,200 patients. Here it is, below. I’m pleased to see that the doctor is now removing some identity information from the system. I wish more practices would do that. This Notice of Potential Breach of Personal…
When do covered entities need to report ransomware incidents to HHS?
At the PHI Protection Network conference last week, we spent a lot of time discussing the increasing rate of ransomware attacks. I asked a number of people whether they thought that ransomware attacks that (merely) locked up the data with no evidence of exfiltration had to be reported to HHS. I got a variety of…
Ontario hospital website may have infected visitors with ransomware, security firm says
Emily Chung reports: The website of an Ontario hospital may have infected the computers of patients and staff with ransomware planted on the site during a hack attack, the internet security company Malwarebytes warns. Norfolk General Hospital, located in Simcoe, Ont., confirms its website was hacked by cybercriminals, but denies that visitors were ever at risk. […] Jérôme Segura, a senior security researcher with Malwarebytes, reported in a blog…
AU: Hack attempt forces WA public transport systems offline
Allie Coyne reports: Western Australia’s public transport department has taken its websites and internal systems offline after detecting an attempted hack this morning. The Public Transport Authority, which runs the state’s trains, buses and ferries, shut down the websites for Transperth, RightTrack, School Bus Services, Get on Board and its own PTA website just before…
Jury Awards Calif. Mortgage Co. $25M For Rival’s Data Theft
There’s a follow-up to an insider theft case previously noted on this site. Y. Peter Kang reports: A California state jury on Tuesday awarded $25.1 million in damages to Mount Olympus Mortgage Co., finding rival mortgage lender Guaranteed Rate Inc. liable for illegally transferring hundreds of private consumer loan files from MOMCo’s computer systems, according…
IRS suspends new security feature for lack of security
From the we-should-have-expected-this dept., Adam Winer reports: An IRS program that was supposed to help protect vulnerable taxpayers has been partially suspended, because it turns out the program wasn’t all that secure. An “IP pin code” program is supposed to add another layer of security to those filing tax return forms, but in March, the…