In July 2021, Chelan Douglas Health District in Washington experienced a data breach. They disclosed the breach to the public in March 2022, surprisingly patting themselves on the back for completing their investigation in 6-7 months. A number of media reports indicate that the breach reportedly affected almost 109,000 patients, but the breach was reported…
DDoS site Dstat.cc seized and two suspects arrested in Germany
Bill Toulas reports: The Dstat.cc DDoS review platform has been seized by law enforcement, and two suspects have been arrested after the service helped fuel distributed denial-of-service attacks for years. The seizure and arrests were conducted as part of “Operation PowerOFF,” an ongoing international law enforcement operation that targets DDoS-for-hire platforms, aka “booters” or “stressers,” to…
HHS Office for Civil Rights Announces the Release of the Security Risk Assessment (SRA) Tool
Following up on a settlement yesterday that was HHS’s first enforcement action under OCR’s Risk Analysis Initiative, HHS OCR today released a security risk assessment tool. Here is their statement about it: Today, the U.S. Department of Health and Human Services Office for Civil Rights (OCR) and the Assistant Secretary for Technology Policy (ASTP) are…
Fourth Circuit hears oral arguments about the sentencing of Conor Brian Fitzpatrick (aka “Pompompurin”)
On October 29, the Fourth Circuit Court of Appeals heard oral arguments in the government’s appeal of Conor Brian Fitzpatrick’s sentence. At issue was whether District Court Judge Leonie M. Brinkema had abused her discretion in sentencing Fitzpatrick and whether her sentence was “substantively unreasonable.” Judges have discretion in sentencing and courts are often reluctant…
FBI has conducted more than 30 disruption operations in 2024
Christian Vasquez reports: The FBI is seeing progress in the fight against ransomware gangs after conducting more than 30 disruption operations this year in which officials targeted the infrastructure used by those groups, one of the bureau’s top cybersecurity officials said Wednesday. Cynthia Kaiser, deputy assistant director of the FBI’s cyber division, said during CyberScoop’s…
No: Administrative fine issued to Grue municipality under GDPR
The Norwegian data protection authority (Datatilsynet) has imposed an administrative fine of NOK 250,000 [USD $22,669.69] on Grue municipality for breach of GDPR requirements. They explain: Personal data that should have been confidential was made available to unauthorised persons in the municipality’s public records. This constitutes a breach of the municipality’s duty to ensure adequate…