Collaborate Disseminate
KCRG Staff report: A former Iowa City hospital administrator pleaded guilty on Monday to an identity theft scheme that spanned three decades and caused the victim to be falsely imprisoned for nearly two years. Officials said 58-year-old Matthew Keirans… Continue reading This may be the worst ID theft case you’ve ever read about
CISA Alert of March 29, 2024: CISA and the open source community are responding to reports of malicious code being embedded in XZ Utils versions 5.6.0 and 5.6.1. This activity was assigned CVE-2024-3094. XZ Utils is data compression software and may be… Continue reading CISA Alert: Reported Supply Chain Compromise Affecting XZ Utils Data Compression Library, CVE-2024-3094
Ashden Fein, Micaela McMurrough, Caleb Skeath, Robert Huffman, John Webster Leslie, and Shayan Karbassi of Covington and Burling write: On March 27, 2024, the U.S. Cybersecurity and Infrastructure Security Agency’s (“CISA”) Notice of Proposed Rulemakin… Continue reading CISA Issues Notice of Proposed Rulemaking for Critical Infrastructure Cybersecurity Incident Reporting
Hunton Andrews Kurth writes: On March 19, 2024, Utah’s Governor Spencer J. Cox signed Senate Bill (SB) 98 (the “Bill”), Online Data Security and Privacy Amendments, into law. The Bill amends the Protection of Personal Information Act (§13-44-101 et seq… Continue reading Utah Enacts Amendments to State Breach Notification Law
WASHINGTON — Today, the Department of the Treasury’s Office of Foreign Assets Control (OFAC) sanctioned Wuhan Xiaoruizhi Science and Technology Company, Limited (Wuhan XRZ), a Wuhan, China-based Ministry of State Security (MSS) front company that has s… Continue reading Treasury Sanctions China-Linked Hackers for Targeting U.S. Critical Infrastructure
Josh Hansen and Alfred Saikali of Shook, Hardy & Bacon write: The Florida legislature passed a bill that provides immunity to companies that suffer a data breach. The immunity is conditioned on the company: (1) complying with the notice requirement… Continue reading Florida Legislature Passes Data Breach Immunity Legislation
Mathew J. Schwartz reports: How might banning ransomware victims from paying a ransom to their attacker work in practice? As ransomware groups are causing massive damage and disruption and showing no signs of stopping, Ciaran Martin, the former head of… Continue reading Banning Ransom Payments: Calls Grow to ‘Figure Out’ Approach
March 5. The U.S. Department of Health and Human Services (HHS) is aware that Change Healthcare – a unit of UnitedHealth Group (UHG) – was impacted by a cybersecurity incident in late February. HHS recognizes the impact this attack has had on health ca… Continue reading HHS Statement Regarding the Cyberattack on Change Healthcare
Three recent data breach disclosures involving patient data all exceeded HIPAA’s 60-day deadline to notify HHS and individuals. Yakima Valley Radiology A breach involving the Washington state radiology service was added to Karakurt’s leak s… Continue reading Three recent breach disclosures remind of us how seldom timely breach notification is enforced under HITECH
YLE News, STT report: Some patients from the Vastaamo psychotherapy centre had died by suicide after their patient records were stolen and used in extorition attempts, according to a lawyer representing victims. Legal arguments in the trial of Aleksant… Continue reading Vastaamo victims’ lawyer: Some took their own lives after patient record leak