The UK Information Commissioner has agreed to reduce the £500,000 Monetary Penalty Notice (MPN) imposed on the Cabinet Office in 2021 in relation to the New Year Honours data breach to £50,000, which the Cabinet Office has agreed to pay, reflecting our new approach to working more effectively with public authorities. The UK Information Commissioner issued its fine…
Vendor Hack Tied to 20 Anesthesiology Practice Breaches
Marianne Kolbasuk McGee reports: A hacking incident at a New York-based administrative services firm has resulted in a growing list of anesthesiology practices reporting breaches that so far have affected the personal information of about 430,000 people. Somnia Inc., in Harrison, New York, is a physician-owned anesthesia management services firm that also appears to have…
UK: NHS cyber attack hits patient care with records left in ‘chaos’ three months on
Connie Dimsdale reports: Patient care is still being undermined at NHS mental health trusts and social care providers that were hit by a major cyber attack in August, doctors have warned. Three months after the major attack wiped out NHS systems, patients’ records are missing, safety has been compromised, and medication doses are at risk of being…
A state-appointed receiver is investigating a phishing scam that drained $400K from Chester’s coffers
Vinny Vella reports: A phishing scam siphoned more than $400,000 from Chester in June, and the state-appointed receiver who is handling the beleaguered city’s finances wants to know why his office wasn’t notified until two weeks ago. In a memo sent to Mayor Thaddeus Kirkland and Chester’s city council on Monday, Michael T. Doweary said…
Robin Banks phishing service returns to steal banking accounts
Bill Toulas reports: The Robin Banks phishing-as-a-service (PhaaS) platform is back in action with infrastructure hosted by a Russian internet company that offers protection against distributed denial-of-service (DDoS) attacks. Robin Banks faced operational disruption in July 2022, when researchers at IronNet exposed the platform as a highly threatening phishing service targeting Citibank, Bank of America, Capital One, Wells…
SolarWinds reaches $26m settlement with shareholders, expects SEC action
Jessica Lyons Hardcastle reports: SolarWinds has agreed to pay $26 million to settle a shareholder lawsuit, and it’s also expecting to be slapped with an enforcement action by Uncle Sam – both related to its infamous 2020 supply chain security fiasco, according to the software maker’s most recent US regulatory filing. At the end of…