How many patient data breaches can a covered entity have before HHS OCR opens a serious investigation into their compliance with the HIPAA Security Rule? According to DataBreaches’ count, UT Southwestern Medical Center in Texas has disclosed at least four breaches since July 2023. As a brief recap of the first three: In July 2023,…
Minnesota schools must report cybersecurity incidents under new law
Anna Merod reports: Dive Brief: Minnesota public school districts, charter schools and colleges must now report cybersecurity incidents such as ransomware or network attacks under a newly enacted state law. The information that schools report to Minnesota will not be shared publicly, unlike with similar statewide data breach reporting requirements in California and Maine. Instead, the information will be anonymized…
Rydox Cybercrime Marketplace Shut Down and Three Administrators Arrested
The Justice Department today announced the seizure of Rydox, an illicit website and marketplace dedicated to selling stolen personal information, access devices, and other tools for carrying out cybercrime and fraud, and the arrest of Rydox administrators and Kosovo nationals Ardit Kutleshi, 26, and Jetmir Kutleshi, 28. Both defendants were arrested earlier today in Kosovo by…
Dutch people advised to carry cash in case of cyberattack by Russia
Sarah McKenna Barry reports: The Dutch Central Bank has issued an unprecedented warning to the public to keep cash at home due to the risk of cyberattacks from Russia. Officials are concerned that cyberattacks have the potential to cause massive disruption to digital banking systems and want citizens to have some cash on them as an insurance…
No need to hack when it’s leaking, Canadian edition: Care1
Jeremiah Fowler discovered a non-password-protected database that contained more than 4.8 million records belonging to Care1 — a Canadian company offering AI software solutions to support optometrists in delivering enhanced patient care: The publicly exposed database was not password-protected or encrypted. It contained over 4.8 million documents with a total size of 2.2 TB. In a…
Japanese publisher paid BlackSuit $3 million, but BlackSuit leaked their data anyway – reports
Kyodo News reports that Japanese publishing firm Kadokawa Corporation paid Black Suit $2.98 million in cryptocurrency after a ransomware attack in June. But looking at BlackSuit’s leak site, it appears BlackSuit leaked their data anyway. A screenshot of some of the negotiations in mid-June published by Kyodo News reveals that BlackSuit was demanding $8.25 million…