Dorian Hargrove of CBS reports that Scripps Health has agreed to pay more than $3.5 million dollars to victims of a ransomware attack in 2021 that compromised the personal information of more than one million patients. More than 1 million patients? At the time, Scripps had reported that it was notifying 147,267 patients, and that…
MI: Hope College Hit with $5M Class Action Lawsuit Over Data Breach
Gary Stevens reports that alleged late disclosure of a data breach has led to a lawsuit. The Holland Sentinel is reporting in Wednesday’s editions that class-action status has been requested by plaintiff Jennie DeVries of Holland for the litigation filed at US District Court for Western Michigan on Monday. In the lawsuit, DeVries claimed that…
For sale on eBay: A military database of fingerprints and iris scans
Kashmir Hill, John Ismay, Christopher F. Schuetze, and Aaron Krolik report: The shoebox-shaped device, designed to capture fingerprints and perform iris scans, was listed on eBay for $149.95. A German security researcher, Matthias Marx, successfully offered $68, and when it arrived at his home in Hamburg in August, the rugged, hand-held machine contained more than…
NYS Comptroller DiNapoli Releases More School District Audits
Two more school district audits were released before the holiday. Nanuet Union Free School District – Network User Accounts and Information Technology Contingency Plan (2022M-135) Issued Date December 09, 2022 Background The District serves the Town of Clarkstown in Rockland County. The District is governed by an elected seven-member Board of Education (Board) that is…
Ransomware Needs ‘Physical’ Damage For Insurance, Ohio Court Rules
Daphne Zhang reports: Owners Insurance Co. convinced the Ohio Supreme Court that it has no duty to cover a medical software company’s ransomware-related losses because the attack didn’t cause any property damage. EMOI Services LLC’s insurance policy “requires direct physical loss of or damage to media—Computer software cannot experience direct physical loss or physical damage, because…
NZ: Compliance investigation into Mercury IT breach commenced
Here’s yet another data breach case in which a court has issued a protective order. The New Zealand Privacy Commissioner writes about a court order issued after the LockBit attack on Mercury IT that might contribute to a supply chain attack; Justice Grice has released the reasons for making the interim orders this week. The High Court…