Marianne Kolbasuk McGee of HealthInfoSec poses a question about why Change Healthcare’s report to HHS indicated that 500 patients were affected when they already admitted that there were millions. Why use such a low placeholder instead of a higher number when it has been months since they discovered the breach and they must have some…
Cencora confirms patient health info stolen in February attack
Over on Bleeping Computer, Lawrence Abrams reports that Cencora confirmed that protected health information was involved in the February cyberattack in its recent SEC filing, As DataBreaches previously reported, a number of Cencora—-Lash Group’s clients disclosed that personal and protected health information (PHI) was involved when they sent out notifications to their patients in May…
Malaysia introduces data breach notification system to combat scams
The Malaysian Reserve reports: Malaysia has introduced a Data Breach Notification system for immediate reporting and mitigation of data leaks to prevent citizens from becoming victims of scammers, Deputy Communications Minister Teo Nie Ching said. She said this notification must be submitted by data users who are experiencing personal data leakage incidents, including hacking threats….
OneBlood Target of Ransomware Event; Blood Community Rallies to Help as Urgent Call for Donors is Issued
From OneBlood: OneBlood, the not-for-profit blood center serving much of the southeastern United States is experiencing a ransomware event that is impacting its software system. OneBlood is working closely with cyber security specialists, and also federal, state and local agencies as part of their comprehensive response to the situation. “OneBlood takes the security of our…
Invasion of the Data Snatchers: B.C. Court of Appeal Clarifies Possible Scope of Privacy Claims Against Data Custodians in Data Breaches
Lyann Danielak, Joshua Hutchinson, and Robin Reinertson of Blake, Cassels & Graydon LLP write: On July 4, 2024, the B.C. Court of Appeal issued a duo of class action appeal decisions considering the potential scope of statutory and common law privacy claims against data custodians that fall victim to cyberattacks in data breach cases. In…
Government files its opening brief in its appeal to overturn Conor Fitzpatrick’s sentence
On July 29, the Department of Justice filed its opening brief in its appeal of Conor Fitzpatrick’s (“Pompompurin’s”) sentence. The issue at the appellate level is “whether the district court abused its discretion in sentencing Fitzpatrick to a 17-day time-served sentence for possessing child pornography and creating and operating the largest English-language data breach forum…