The Office of Inadequate Security
Alexander Nguyen reports: Palomar Health Medical Group’s (PHMG) phones and computer systems are still down after “suspicious activities” nearly two months ago. Palomar Health said it discovered the problem on May 5, which was affecting certain computer systems, and quickly took those systems offline to prevent the spread of possible malware. The health care system…
The AlphV (aka Blackcat) ransomware group may have disappeared after a law enforcement seizure in December, and then an exit scam by its admin in March, but the impact of some of its breaches continues. While the Change Healthcare breach continues to make headlines, earlier breaches by Blackcat also continue to impact victims. In July…
On June 13, the INC Ransom group added Maryhaven in Ohio to their leak site. DataBreaches subsequently contacted Maryhaven to inquire what it was doing in response to INC’s claims. They did not reply, but subsequently posted a notice on their website that said, in part: We are aware that some of our systems are…
Two ransomware groups claimed to have attacked Consulting Radiologists. The notification is silent about any ransom demands. Consulting Radiologists LTD. (“CRL”)” in Minnesota is a physician-owned practice. On February 12, 2024, they detected suspicious activity on their network. An investigation revealed that an unauthorized actor had accessed certain files and data. Those files contained patient…
Maydeen Merino reports: The Federal Trade Commission this week defended its investigation of MGM Resort International’s data security practices as the Las Vegas-based casino is seeking a court order to block the agency’s probe. Following a cyberattack that disclosed the personal information MGM guests in September, the FTC issued a civil investigative demand (CID) in…
Here are some perspectives by law firms. From SheppardMullin: Tennessee has joined a handful of other states to provide certain safe harbors in the cybersecurity realm. Unlike others, the law sites beside -but does not modify- the states’ data breach notification law. Also unlike others, the safe harbor is very narrowly tailored, and is not triggered by…