Since June, two groups claim to have attacked The Eye Clinic Surgicenter. What do we know?

One cyberattack is distressing enough. But has The Eye Clinic Surgicenter been attacked by two different groups this year? Silence is not golden if patient data has already been leaked.  Last week, Meow Leaks added The Eye Clinic Surgicenter in Montana… Continue reading Since June, two groups claim to have attacked The Eye Clinic Surgicenter. What do we know?

SEC Charges Four Companies With Misleading Cyber Disclosures

Washington D.C., Oct. 22, 2024 — The Securities and Exchange Commission today charged four current and former public companies – Unisys Corp., Avaya Holdings Corp., Check Point Software Technologies Ltd, and Mimecast Limited – with making materially mi… Continue reading SEC Charges Four Companies With Misleading Cyber Disclosures

Malaysia’s government to amend Personal Data Protection Act to require notification of data breaches

The Sun reports: The government is planning to amend the Personal Data Protection Act of 2010 to include breach notification requirements that compel companies to inform authorities when a data breach happens in commercial transactions, said Digital Mi… Continue reading Malaysia’s government to amend Personal Data Protection Act to require notification of data breaches

Ca: New online breach reporting forms for federal institutions and businesses

From the Office of the Privacy Commissioner of Canada, May 24: The Office of the Privacy Commissioner of Canada (OPC) has launched a new online breach reporting form for federal institutions subject to the Privacy Act as well as updated its online brea… Continue reading Ca: New online breach reporting forms for federal institutions and businesses

Utah Updates to Breach Notification Requirements Take Effect

Dorothy Parson McDermott of JacksonLewis writes: On May 1, 2024, amendments to Utah’s cybersecurity and data breach notification law took effect. The state’s cybersecurity and data breach notification law requires an organization that conducts business… Continue reading Utah Updates to Breach Notification Requirements Take Effect

Brazilian Data Protection Authority approves data breach notifying regulation

Cristiane Manzueto, Rodrigo Leal, Ana Letícia Allavato, and Diego Semeraro of Mayer Brown write: Resolution No. 15, of April 24, 2024, of the Brazilian Data Protection Authority (“ANPD”), approved the Data Breach Notifying Regulation (the “… Continue reading Brazilian Data Protection Authority approves data breach notifying regulation

FTC Finalizes Changes to the Health Breach Notification Rule

The Federal Trade Commission today announced it has finalized changes to the Health Breach Notification Rule (HBNR) that will strengthen and modernize the rule by clarifying its applicability to health apps and other similar technologies and expanding … Continue reading FTC Finalizes Changes to the Health Breach Notification Rule

Unsecured Health Genie bucket exposed almost 450,000 files with patient data — Cybernews

It is disgraceful that there are so many huge data leaks involving sensitive personal data, and yet here we are again.  Cybernews reports: Health Genie, a healthcare IT solutions provider, left an open instance, exposing patients’ personal details as w… Continue reading Unsecured Health Genie bucket exposed almost 450,000 files with patient data — Cybernews

Proporsed Rule: Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA) Reporting Requirements

A quick note that the official draft of CIRCA is now published: A Proposed Rule by the Homeland Security Department on 04/04/2024 All information is linked from https://www.federalregister.gov/documents/2024/04/04/2024-06526/cyber-incident-reporting-fo… Continue reading Proporsed Rule: Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA) Reporting Requirements