In November 2021, Valley Mountain Regional Center (VMRC) notified HHS that multiple employees were the victims of a phishing scheme that compromised the protected health information (PHI) of 17,197 individuals. They notified HHS, affected individuals, media, and provided substitute notice. HHS reports, “In its mitigation efforts, the Business Associate strengthened its technical safeguards to better…
Sg: App managing student devices in 127 schools hacked; names and e-mail addresses leaked: MOE
Lok Jian Wen reports: The names and e-mail addresses of parents and teachers of 127 primary and secondary schools were leaked after a mobile platform on students’ personal learning devices was hacked, said the Ministry of Education (MOE) on April 19. The Mobile Guardian app, which is installed on personal learning devices including Chromebook laptops…
International investigation disrupts phishing-as-a-service platform LabHost – EUROPOL
This week, law enforcement from 19 countries severely disrupted one of the world’s largest phishing-as-a-service platform, known as LabHost. This year-long operation, coordinated at the international level by Europol, resulted in the compromise of LabHost’s infrastructure. Between Sunday 14 April and Wednesday 17 April a total of 70 addresses were searched across the world, resulting…
Hong Kong private hospital given 4 weeks to submit report over US$10 million ransomware attack
Cannix Yau reports: Hong Kong health authorities have told a private hospital it has four weeks to submit a detailed report after it was hit by a malicious cyberattack and refused to pay a US$10 million ransom. The Department of Health said on Saturday that it was investigating the incident at Union Hospital in Tai…
Resource: U.S. State Data Breach Notification Laws
There’s an update to Foley & Lardner’s resource on U.S. state data breach notification laws. They explain what their resource applies and what it doesn’t apply to: While most state data breach notification statutes contain similar components, there are important differences, meaning a one-size-fits-all approach to notification will not suffice. What’s more, as data breaches…
Medical records of millions stolen in Turkish state hospital data leak
Duvar English reports: A cyber attack on the Bağcılar Training and Research Hospital in Istanbul has leaked all confidential medical records, including X-ray scans and test results, taken at the hospital since 2007, according to reporting by the online news outlet Diken. The hackers attacked the information management system on April 12, heavily damaging the visual archive…