Having trouble getting support for security efforts? Maybe show this one to the board of directors. Leah Rizkallah reports: Cybersecurity is now among the most critical risk-areas for companies across industries, and boards of directors must be vigilant in overseeing their companies’ cybersecurity efforts. Failing to do so not only increases risks for the company,…
Report: Missouri Governor’s Office Responsible for Teacher Data Leak
Brian Krebs reports on a follow-up to the case of Missouri’s Governor Parsons tried to sue a journalist and others who had responsibly disclosed and reported on a data leak by the state. The data leak first came to public attention in October, 2021 when Josh Renaud reported on the exposure and the steps the…
One year later, Minimally Invasive Surgery of Hawaii notifies patients of ransomware incident
A notification letter template that showed up on the California Attorney General’s site this week is dated “February 19, 2021.” I assume the 2021 is a typo based on the rest of the letter. The letter from Orthopedic Associates of Hawaii (OAH) begins (emphasis added by this site): Orthopedic Associates of Hawaii, All Access Ortho…
Sg: Ex-deputy lead of MOH data unit jailed for leaking daily Covid-19 case numbers in 2020
Low Youjin reports from Singapore: Despite having signed an undertaking to safeguard official information, a former deputy lead from a data management unit of the Ministry of Health (MOH) chose to leak classified Covid-19 information to members of a chat group on multiple occasions before it was officially announced to the public. Zhao Zheng’s attitude towards…
Ie: Mother seeking compensation from HSE over data breach involving report into treatment of toddler at hospital
Independent.ie reports: A report compiled by the HSE in response to a complaint about the treatment given to a 19-month-old patient found its way into the wrong hands, Wexford Circuit Court was told. The result was a case taken on behalf of the now three-year-old girl from County Wexford seeking compensation for the breach of…
Michigan Medicine notifies 269 patients after discovering a snooping employee
Here’s a good example of how monitoring and logs can detect a problem and prevent even more problems. Michigan Medicine detected an employee accessing patient records without legitimate need. The improper access began in December, 2021, and continued until it was caught by monitoring on January 25, 2022. Access was cut off on January 27…