Jeremiah Fowler reports finding another exposed database with a lot of personal information. This one may belong to SL Data Services, LLC, though Fowler notes that the folders inside it were named with separate website domains. “It appears that the company operates a network of an estimated 16 different websites, offering a range of information…
PDPC: Breach of the Protection Obligation by HMI Institute of Health Science
A financial penalty of $10,000 was imposed and directions were issued to HMI Institute of Health Science for failing to put in place reasonable security arrangements to protect the personal data of former students. Case No. DP-2405-C2321 HMI Institute of Health Science Pte. Ltd. (the “Organisation”) is a healthcare training provider in Singapore. On 2…
Changes Are Likely on the Horizon for the Federal Healthcare Portfolio, in Areas Including Cybersecurity and in Regulatory Enforcement
Nicole K. Macris and Gabriel S. Oberfield of Bond Schoeneck & King PLLC write: Federal healthcare administration undoubtedly will look different in 2025 than it does as we close 2024. In the aftermath of the Republican party victories during this month’s Federal elections – and if the past is prelude – the Federal focus concerning…
Administrative fine of €330,000 issued to Polish medical company after a hacking incident
Background information Date of final decision: 20 May 2024 National case Legal Reference (s): Article 5 (Principles relating to processing of personal data), Article 24 (Responsibility of the controller), Article 32 (Security of processing) Decision: Administrative fine, Compliance order Key words: Accountability, Administrative fine, Data subject rights, Hacker attack, National identification number, Responsibility of the controller…
Russia arrests cybercriminal Wazawaka for ties with ransomware gangs
Sergiu Gatlan reports: Russian law enforcement has arrested and indicted notorious ransomware affiliate Mikhail Pavlovich Matveev (also known as Wazawaka, Uhodiransomwar, m1x, and Boriselcin) for developing malware and his involvement in several hacking groups. While the prosecutor’s office has yet to release any details on the individual’s identity (described as a “programmer” in court documents),…
Cyberattack on debt acquisition firm Cabot involved theft of 394,000 data files, court hears
The Irish Times reports: A cyber attack targeting acquisition and credit servicing firm Cabot involved theft of some 394,000 data files, including material related to its direct customers and its loan book, the High Court has heard. Cabot Financial (Ireland) Ltd, Cookstown Court, Old Belgard Road, Tallaght, Dublin, claims there are “persons unknown” behind the attack along with a…