Ellen Nakashima, Joseph Menn and Carolyn Y. Johnson report: The National Institutes of Health and the federal agency responsible for securing the nation’s nuclear weapons were among the victims in a global breach of Microsoft server software over the weekend, according to officials at the agencies. The incident at NIH, which has not been previously reported, involved…
Russia suspected of hacking Dutch prosecution service systems
Dutch News reports: There are “strong indications” that Russia was behind a cyber attack on the Dutch public prosecution department’s internal systems, justice ministry sources have told the AD. The affected systems contain sensitive information on ongoing police investigations and court cases, as well as personal data on staff. The department has not yet said…
Korea imposes 343 million won penalty on HAESUNG DS for data breach of 70,000 shareholders
Kim Su-jeong reports: The Personal Information Protection Commission announced on the 24th that it imposed a penalty surcharge of 343 million won [USD $250,136.73] on HAESUNG DS, a semiconductor parts company, after it left vulnerabilities in its network security equipment unattended, resulting in a hacker attack that leaked personal information of over 70,000 shareholders. According…
Paying cyberattackers is wrong, right? Should Taos County’s incident be an exception? (1)
How many times have we read that paying a threat actor’s extortion demands only encourages more financially motivated crime and doesn’t ensure that the data won’t be retained or re-sold or leaked? Those making that argument appear to be generally correct, but are there exceptions? For years now, DataBreaches has gone back and forth between…
HHS OCR Settles HIPAA Ransomware Investigation with Syracuse ASC for $250k plus corrective action plan
Today, the U.S. Department of Health and Human Services (HHS), Office for Civil Rights (OCR) announced a settlement with Syracuse ASC, LLC doing business as Specialty Surgery Center of Central New York, for potential violations of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Security and Breach Notification Rules. Syracuse ASC is a…
IVF provider Genea notifies patients about the cyberattack earlier this year.
In February, DataBreaches reported that an incident involving Australia IVF giant Genea was the work of the Termite gang, who had posted proof of claims and also claimed to have 700 GB of files. Apparently, Genea still hasn’t revealed that to those affected, who only now are receiving notifications that their data was involved and…