Bobbi-Jean MacKinnon reports: A Horizon Health Network employee has been fired after they “inappropriately accessed” the personal health information of 1,251 people at Charlotte County Hospital in St. Stephen, N.B., allegedly “out of curiosity.” In a statement, Horizon’s vice-president of quality and patient-centred care, Margaret Melanson, describes the situation as a “significant privacy breach.” Read…
New York Department of Financial Services Announces a $1.8 Million Settlement with Two Life Insurers for Data Breach Violations
Zachary Dyer, Steven Imber, Justin Liby, and Jennifer Osborn Nix of Polsinelli write: The New York Department of Financial Services (“NYDFS”) recently announced that it has entered into a Consent Order with two affiliated life insurers for alleged violations of New York’s Cybersecurity Regulation (the “NY Cybersecurity Regulation”). The NYDFS conducted an investigation and determined…
Insurance giant CNA reports data breach after ransomware attack
Sergiu Gatlan reports: CNA Financial Corporation, a leading US-based insurance company, is notifying customers of a data breach following a Phoenix CryptoLocker ransomware attack that hit its systems in March. […] “The investigation revealed that the threat actor accessed certain CNA systems at various times from March 5, 2021 to March 21, 2021,” CNA said…
UK: ICO fines transgender charity for data protection breach exposing sensitive personal data
Bigger companies may pay bigger fines, but smaller fines do not mean smaller impact when it comes to dealing with sensitive information, as in this case. The Information Commissioner’s Office (ICO) has fined transgender charity Mermaids £25,000 for failing to keep the personal data of its users secure. The ICO’s investigation began after it received a…
Morgan Stanley reports data breach after vendor Accellion hack
People are first finding out NOW? Look at this timeline, provided by Sergiu Gatlan in his reporting on BleepingComputer: Guidehouse notified Morgan Stanley in May 2021. Guidehouse had been breached in January through the Accellion vulnerability. Guidehouse discovered the breach in March and the impact to Morgan Stanley customers in May. Why didn’t Guidehouse discover the…
‘Shut down everything:’ Global Kaseya ransomware attack takes a small Maryland town offline
Chris Velazco and Rachel Lerman report: It was just after 12:30 p.m. on the Friday before the Fourth of July holiday when a warning popped up on Laschelle McKay’s computer screen. McKay, the town administrator for Leonardtown, Md., didn’t even have time to read the whole message before it disappeared and her computer froze. “Everything…