Andrew Martin reports: Consumers may soon be able to buy electronic products with a label indicating they are “cyber secure,” according to US officials. The White House on Tuesday announced the launch of a new US Cyber Trust Mark, indicating designated items follow best practices to avoid possible hacks. Products with the cyber mark are…
PowerSchool discloses breach affecting hosted and self-hosted school k-12 districts (2)
Yesterday, PowerSchool disclosed that on December 28, it had become aware of a data breach that affected some, but not all, of its PowerSchool clients. PowerSchool Student Information System (SIS) is used by school districts worldwide to help schools manage student educational records including grades, attendance, and enrollment. Emails were sent to all PowerSchool clients…
HHS Office for Civil Rights Settles 8th Ransomware Investigation with Elgon Information Systems
Today, the U.S. Department of Health and Human Services (HHS), Office for Civil Rights (OCR) announced an $80,000 settlement with Elgon Information Systems (Elgon), a Massachusetts company that provides electronic medical record and billing support services to covered entities, under the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Security Rule. OCR enforces the HIPAA Privacy,…
Two ransomware groups claimed they attacked Rutherford County Schools. One leaked sensitive records. (UPDATED)
From the “Wait-What-Happened-Here Dept:” On October 19, the Black Suit ransomware group announced that they had attacked Rutherford County Schools in Tennessee. Their listing, posted on their dark web site, included what appears to be an indication of what data and how much data they were able to exfiltrate. It did not indicate whether they…
Many researchers are pseudonymous. That doesn’t justify ignoring their alerts.
For many years, the FTC has published guidance for businesses to Start with Security. Their advice has always included having a clear way to receive security alerts about vulnerabilities. That advice has been repeated in all updates, including their 2023 version. Why do I mention that now? Because once again, attempts to warn a company…
New York Modifies Data Breach Law Heading Into 2025
Liisa M. Thomas and Kathryn Smith of Sheppard Mullin write: As 2024 came to a close, New York Gov. Hochul signed two bills (A8872A and S2376B) amending New York’s data breach law. The modifications change both what constitutes personal information under the law, as well as modifying notification timing. The notice modification is now in effect; the…