Is KillSec3 Trying to Extort Victims Using Publicly Leaked Data?

KillSec3 is a ransomware group, but is it really encrypting its victims these days? Recent data suggests that its affiliate(s) may be trying to extort victims using data that has already been publicly leaked. The following was researched and written by… Continue reading Is KillSec3 Trying to Extort Victims Using Publicly Leaked Data?

Anna Jaques Hospital notifies 316,300 people about 2023 ransomware attack

On Christmas, December 2023, Anna Jaques Hospital (AJH) in Massachusetts was grappling with a cyberattack that knocked out their EHR system and resulted in them having to divert ambulances to other area hospitals. On January 23, they posted a prelimina… Continue reading Anna Jaques Hospital notifies 316,300 people about 2023 ransomware attack

HHS OCR Imposes a $548,265 Penalty Against Children’s Hospital Colorado for HIPAA Violations

Not all monetary penalties are for breaches affecting large numbers of patients. In this case, HHS imposed a penalty on an entity that had breaches in both 2017 and 2020. DataBreaches notes that the 2017 incident affected 3,370 patients, and the 2020 i… Continue reading HHS OCR Imposes a $548,265 Penalty Against Children’s Hospital Colorado for HIPAA Violations

Express Services disclosed a data breach. One month later, they learned they had a second data security problem.

Express Employment Professionals (“Express Pros“) describes itself as a leading staffing agency in the U.S., “specializing in matching job seekers with the best jobs for their skills and experience.” Express Pros is the flagship… Continue reading Express Services disclosed a data breach. One month later, they learned they had a second data security problem.

Recent Texas Case Highlights Increasing Relevance of Privacy and Security Laws to E-Discovery Process

Of note from Hunton Andrews Kurth: On November 6, 2024, a Texas state district court jury found that a large e-discovery vendor violated Title 7, Chapter 33 of the Texas Penal Code, which provides that accessing a computer without its owner’s permissio… Continue reading Recent Texas Case Highlights Increasing Relevance of Privacy and Security Laws to E-Discovery Process

PDPC: Breach of the Protection Obligation by HMI Institute of Health Science

A financial penalty of $10,000 was imposed and directions were issued to HMI Institute of Health Science for failing to put in place reasonable security arrangements to protect the personal data of former students. Case No. DP-2405-C2321 HMI Institute … Continue reading PDPC: Breach of the Protection Obligation by HMI Institute of Health Science

Changes Are Likely on the Horizon for the Federal Healthcare Portfolio, in Areas Including Cybersecurity and in Regulatory Enforcement

Nicole K. Macris and Gabriel S. Oberfield of Bond Schoeneck & King PLLC write: Federal healthcare administration undoubtedly will look different in 2025 than it does as we close 2024. In the aftermath of the Republican party victories during this m… Continue reading Changes Are Likely on the Horizon for the Federal Healthcare Portfolio, in Areas Including Cybersecurity and in Regulatory Enforcement

Administrative fine of €330,000 issued to Polish medical company after a hacking incident

Background information Date of final decision: 20 May 2024 National case Legal Reference (s): Article 5 (Principles relating to processing of personal data), Article 24 (Responsibility of the controller),  Article 32 (Security of processing) Decision: … Continue reading Administrative fine of €330,000 issued to Polish medical company after a hacking incident

Trust in Singapore companies dips sharply as consumers demand stricter data protection and effortless experiences

Gemma Iso reports: The recent report from Salesforce published by the Singapore Business Review reveals a significant decline in consumer trust in Singapore companies over the past year. Nearly 74% of individuals have expressed less confidence in these… Continue reading Trust in Singapore companies dips sharply as consumers demand stricter data protection and effortless experiences

Information and Privacy Commissioner of Alberta Publishes 2023-24 Annual Report

November 27 EDMONTON – The 2023-2024 Annual Report of the Office of the Information and Privacy Commissioner (OIPC) of Alberta was tabled today by the Speaker of the Alberta Legislative Assembly and has now been published online by the OIPC. “The 2023-… Continue reading Information and Privacy Commissioner of Alberta Publishes 2023-24 Annual Report