LATEST POST
L.A. Care Healthplan settles HHS OCR charges stemming from multiple violations for $1.3 million and corrective action plan
Today, the U.S. Department of Health and Human Services’ Office for Civil Rights (OCR) announced a settlement of potential violations of the Health Insurance Portability and Accountability Act (HIPAA) Rules with LA Care, the nation’s largest publicly operated health plan that provides health care benefits and coverage through state, federal, and commercial programs. OCR enforces the HIPAA […]
Dissecting the MOVEit breach: Lessons learned from the ransomware attack
The MOVEit data breach, discussed in an earlier post, continues to make headlines. As SDX reports: Orchestrated by ransomware gang CL0P exploiting a zero-day vulnerability, it is now considered one of the largest hacks of 2023 — and potentially in recent history. To date, it is known to have impacted more than 1,150 organizations and nearly 56 million individuals, […]
Rhysida ransomware gang claims responsibility for Singing River Health System attack
Rhysida has now added Singing River Health System in Mississippi to their dark web leak site. The health system, which includes Pascagoula Hospital, Ocean Springs Hospital, and Gulfport Hospital as well as 10 clinics, discovered the ransomware attack on August 19. In its most recent update of August 31, it stated: “We understand the concerns […]
Your car may be scraping and selling your data, and there isn’t much you can do to stop it
Car manufacturers are engaging in a “privacy nightmare” by scraping sensitive user data and potentially selling it to unknown actors, according to a new report on the widespread terrible practices in the industry. Mozilla’s Privacy Not Included found 25 major car brands are “terrible at privacy and security” of user data, and their policies allow widespread […]
New SEC Cybersecurity Disclosure Requirements Give Public Companies Only Four Days to Disclose Material Cybersecurity Incidents
This summer, the Securities and Exchange Commission (SEC) adopted rules to enhance and standardize disclosures by public companies regarding cybersecurity risk management, strategy, governance, and incidents. The rules will impose a number of new requirements, including disclosures regarding: Read more of this article at Workplace Privacy, Data Management & Security Report.
California Privacy Protection Agency Releases Draft Rules on Cybersecurity Audits and Risk Assessments
Ahead of its September 8 board meeting, the California Privacy Protection Agency (CPPA) has issued draft regulations on cybersecurity audits and risk assessments. Public comments will be requested once the formal rulemaking process is kicked off. Accordingly, the draft regulations are subject to change. Below are the key takeaways: Cybersecurity Audits Read more of this article at Inside […]
Russian Businessman Sentenced to Nine Years in Prison in $93 Million Hack-to-Trade Conspiracy
BOSTON – A Russian businessman was sentenced today in federal court in Boston for his involvement in an elaborate hack-to-trade scheme that netted approximately $93 million through securities trades based on confidential corporate information stolen from U.S. computer networks. Vladislav Klyushin, a/k/a “Vladislav Kliushin,” 42, of Moscow, Russia, was sentenced by U.S. District Court Judge […]
The Government Isn’t Sure How to Get Small Hospitals to Take Cybersecurity Seriously
The U.S. government is struggling to convince hospitals that they need to spend time and money fighting hackers and provide useful advice to them, a problem that could have lethal consequences as the country’s ransomware crisis rages on. “I don’t think we’ve figured out how to talk to the small and medium-sized organizations in a […]