Compiled by: Richard Sheinis, Esq.

Disqus Confirms Data Breach Affecting 17.5 Million Accounts
Washington Times

Email addresses and other data associated with roughly 17.5 million accounts on Disqus, a popular online comment hosting service, were exposed as …

The End of Privacy
New York Times

What we have thought of as privacy is dying, if not already dead. … Simply put, the future of our privacy lies in how our data is used, rather than how or …

US Supreme Court Declines to Review Computer Hacking Cases
Reuters

FILE PHOTO: A view of the U.S. Supreme Court building is seen in Washington, DC, U.S. on October 13, 2015.

North Korean Hackers Stole US-South Korean Military Plans, Lawmaker Says
New York Times

SEOUL, South Korea – North Korean hackers stole a vast cache of data, … North Korea runs an army of hackers trained to disrupt enemy computer …

Musgrave Cyber-Attack Hits Irish Supermarkets
BBC News

The company operating Centra, Mace and Supervalu stores in Ireland has said it has been hit by a cyber-attack. The County Cork-based Musgrave …

Supermarket Chain Morrisons Sued by Staff Over Personal Data Leak
BBC News

The employees claim the leak exposed them to the risk of identity theft and potential financial loss and Morrisons is responsible for breaches of privacy …

Data Breaches Highlight How Social Security Number Has to be Phased Out for Blockchain, Biometrics
ZDNet

Former CEO of Equifax Richard Smith hasn’t gotten much right of late following his former company’s data breach and fumbling of the aftermath.

Report: Russian Hackers Penetrated Elite NSA Hacking Division
TechNewsWorld

The incident, which occurred in 2015, involved a contractor who loaded classified information onto his personal computer in order to work at home.

Data Breach Exposed Medical Records, Including Blood Test Results, of Over 100 Thousand Patients
Gizmodo

As with most data breaches involving Amazon servers, it’s not immediately clear for how long the files have been exposed – or whether the records…

Compiled by: Richard Sheinis, Esq.

Whole Foods Latest to Fall Victim to Credit Card Breach
New York Post

“When Whole Foods Market learned of this, the company launched an investigation, obtained the help of a leading cyber security forensics firm, …

Will Healthcare Blockchain Resolve Data Privacy Concerns?
HealthITSecurity.com

A recent Black Book survey shows the majority of medical group managers and IT specialists believe healthcare blockchain will alleviate data privacy …

Equifax Hack Affected 2.5M More Americans than First Believed
New York Post

Equifax hack affected 2.5M more Americans than first believed … have gotten their personal information swiped during the cyber attack – bringing the …

Spanish Court Grants US Extradition for Russian Hacking Suspect
Reuters

Spanish court grants U.S. extradition for Russian hacking suspect … of U.S. hacking offences including operating a network of infected computers used …

FTC Shines a Little Light on Its Data Security Enforcement
Bloomberg BNA

Companies concerned about whether they are meeting data security standards acceptable to the Federal Trade Commission have new help. The FTC …

Company to Pay $264K Fine for Exposing 660 Vermonters’ Data
U.S. News & World Report

Vermont’s attorney general says a technology company will pay a $264,000 fine for a data breach that exposed the Social Security numbers of 660 …

Report: Thousands of Macs and PCs May Be Vulnerable to a Sophisticated Kind of Computer Attack
Washington Post

Thousands of computers, if not more, are potentially in danger. … [Apple is opening up amid privacy questions about Face ID, personal data collection].

Saudi Entertainment Authority Says Hit by Cyber Attack
Reuters

RIYADH (Reuters) – Saudi Arabia’s General Entertainment Authority (GEA), which has begun sponsoring concerts and shows said on Friday its …

Compiled by: Richard Sheinis, Esq.

Trying to Stem Fallout From Breach, Equifax Replaces CEO
New York Times

When the board of Equifax convened last week to discuss the company’s response to an enormous data breach, the 10 outside directors concluded …

Singapore Ranks First as Launchpad for Global Cyber Attacks
Bloomberg

Singapore has overtaken nations including the U.S., Russia and China as the country launching the most cyber attacks globally, according to Israeli …

Deloitte Hit by Data Breach
BBC News

Prof Alan Woodward, cyber-security expert at Surrey University, told the BBC that private email addresses alone were valuable data for hackers.

Today In Data: Bank Of America And Biometrics
PYMNTS.com

Following the Equifax data breach, biometrics and data security have come under increased scrutiny as more companies and consumers consider …

A Fifth of Dutch Companies Affected by Cyber Attacks
NL Times

A fifth of Dutch companies with at least 10 employees dealt with the consequences of a cyber attack last year, Statistics Netherlands revealed in a …

Hit by Chinese Hackers Seeking Industrial Secrets, German Manufacturers Play Defense
Fox Business

… Affairs said it was unaware of the German allegations but reiterated Beijing’s official position that it “resolutely opposes” cyberhacking in every form.

Illinois Governor Vetoes Data Privacy Measure
Los Angeles Times

Bruce Rauner has vetoed legislation requiring mobile applications that track user locations to get permission first and to outline how that data will be …

Russia Targeted Election Systems in 21 States, Successfully Hacking Some
TechCrunch

In a message to election officials in the state of Wisconsin, Homeland Security specified that the hack was conducted by “Russian government cyber …

SEC Admits Data Breach, Suggests Illicit Trading Was Key
ZDNet

In a statement, SEC said the Edgar filing system data breach took place in 2016, but it is not yet known which companies may have been affected — or …

The Weakest Link in Cybersecurity
Infosecurity Magazine

While these examples have made the headlines for their data security implications, the consequences of human error can be equally problematic for …

Compiled by: Richard Sheinis, Esq.

Equifax Had Data Breach Months Before Big One Hit: Report
CBS News

The Equifax data breach in late July that exposed personal information like Social Security numbers of 143 million Americans reportedly wasn’t the …

Apple’s FaceID: Get Ready for ‘Big Data’ to Get Even Bigger
The Hill

Today, smartphones come built-in with a range of sensors with the capability to track our individual digital fingerprints. With the release of Apple’s FaceID integrated into …

Butler County Recovering from Ransomware
KWCH

Butler County is still recovering from a computer system hack that left their system held for ransom. Tyler Norris works in downtown El Dorado, and the …

Smiths Medical Confirms Drug Pump Vulnerable to Cyberhacking
Minneapolis Star Tribune

The company said Monday that it has received no reports of computer hackers exploiting the vulnerabilities. The U.S. Homeland Security Department …

Hackers Compromised CCleaner Free Software, Avast’s Piriform Says
Reuters

SAN FRANCISCO (Reuters) – Hackers broke into British company Piriform’s free software for optimizing computer performance last month and …

Dutch Bitcoin Broker Litebit Suffers Second Data Breach in Six Weeks
The Merkle

It is never good to see Bitcoin exchanges or brokers suffer a hack. Although not all of these incidents involve stolen money, it is still a worrisome …

Medicaid Data Breach Hits Arkansas; Email Puts Medical Privacy of 26,000 Patients in Jeopardy
Arkansas Online

The confidentiality of more than 26,000 Medicaid recipients’ medical information was broken earlier this year, state officials said Friday as they …

Alabama Still Doesn’t Have a Data Breach Notification Law
The Decatur Daily

If a company in Alabama has a data breach, it doesn’t have a legal obligation to tell customers their personal information has been compromised.

Houston Man Sentenced to 27 Months for Hospital Hack
SC Magazine

A Houston man was sentenced to 27 months in prison for hacking into the Centerville Clinic computer system, disabling all administrative controls and …

Monroeville-Based Medical Practice Says Hundreds Affected by Data Breach
WPXI Pittsburgh

MONROEVILLE – One of the area’s biggest physician practices says hundreds of patients are involved in a data breach. Officials with Premier Medical …

Compiled by: Richard Sheinis, Esq.

Former Gov. Roy Barnes, Others File Equifax Data Breach Class Action
Atlanta Journal Constitution

The lawsuit filed in U.S. District Court in Atlanta faults Equifax for “gargantuan failures to secure and safeguard consumers’ personally identifiable …

Here’s Why Facebook Got a $1.4 Million Privacy Fine in Spain
Fortune

Facebook has incurred yet another fine for privacy violations in Europe, this time in Spain. On Monday, the Spanish data protection authority (AEPD) …

NC Man Gets Prison Time for Hacking Senior US Officials
WRAL.com

ALEXANDRIA, Va. – A Morehead City man has been sentenced to five years in federal prison for his part in a computer hacking conspiracy that …

Russian Cyber Hacker Pleads Guilty in Identity Theft Case
Sacramento Bee

Russian cyber hacker pleads guilty in identity theft case … 27 years for his conviction last year in Seattle in a wire fraud and computer hacking case

Best Buy To Discontinue Sale Of Kaspersky Software Because, Russian Hacking
Hip-Hop Wired

People fear that the software can somehow allow Russian hackers to sneak into some 400 million computers of Kaspersky customers. Though the …

Equifax Data Breach Focuses Washington’s Attention on Security of Sensitive Personal Information
Los Angeles Times

The massive data breach at credit reporting firm Equifax has put the company in the cross-hairs of congressional committees and one of the nation’s …

Hackers Steal Personal Data of 5400 AXA Customers
The New Paper

The personal data of about 5,400 past and present customers of AXA Insurance here has been stolen in a cyber attack. The French life insurance …

SANS: Ransomware is Biggest Threat to Data Security
Infosecurity Magazine

Ransomware and insider threats are the biggest security threats to data, according to a new SANS Institute study. The poll of 257 IT and security …

AI Can Tell If You’re Gay: Artificial Intelligence Predicts Sexuality From One Photo with Startling …
Newsweek

The advanced computer analysis compared different facial characteristics … The researchers argue the “digitalization of our lives and rapid progress in AI continues to erode the privacy of sexual orientation and other intimate traits.”

Compiled by: Richard Sheinis, Esq.

Instagram Investigating Larger Breach; Hacker Claims 6 Million Accounts for Sale
CyberScoop

A hacker claims to have stolen data from 6 million accounts, and is offering them for sale at $10 apiece. “We take people’s security very seriously and …

Man Pleads Guilty to Hack Attempt on Government Pensions Website
The Irish News

A man has pleaded guilty to trying to infiltrate a government pensions website as part of a major computer hacking operation. Daniel Marincu (32), of …

Yahoo Must Face Litigation by Data Breach Victims: US Judge
Reuters

Yahoo must face litigation by data breach victims: U.S. judge … The case is In re: Yahoo Inc Customer Data Security Breach Litigation, U.S. District …

Delaware Passes Amendment to Data Breach Notification Law
The National Law Review

This puts Delaware in line with 14 other states that require private organizations to maintain reasonable data security practices. It also makes private …

DC Circuit Holds Cyber-Theft of Customers’ Medical Identifying Information Created Sufficient …
The National Law Review

D.C. Circuit Holds Cyber-Theft of Customers’ Medical Identifying … while also adding significant risk of cyber-liability for companies that collect and …

Hacking Risk Leads to Recall of 500,000 Pacemakers Due to Patient Death Fears
The Guardian

The hackers could then deliberately run the battery flat, or conduct “administration of inappropriate pacing”. Both could, in the worst case, result in the …

Hackers Access Computer at McLaren Medical Group
Health Data Management

McLaren Medical Group in Lansing, Mich., recently notified 106,008 current or former patients that a computer system at Mid-Michigan Physicians …

Self-Driving Cars Might Be More Secure Than We Thought
PCMag

He’s also involved with the Car Hacking Village at Defcon in Las Vegas and author of The Car Hackers … “It’s a computer overriding a human.”

How Blockchain Technology Can Transform the Security Industry
ZDNet

It is not always software vulnerabilities which can lead to a security problem such as a data breach or a network compromise — the supply chain can …

Data Breach Hits Four Million Time Warner App Users
BBC News

Sensitive information about more than four million users of an app created by Time Warner Cable has been accidentally exposed online. Security …

Compiled by: Richard Sheinis, Esq.

Aetna Faces Class-Action Lawsuit After Exposing Patient HIV Information
Healthcare Dive

While health systems are devoting more resources to protecting patient data with cybersecurity methods, breaches of confidential information can also …

Artificial Intelligence Cyber Attacks Are Coming – but What Does that Mean?
The Conversation US

The next major cyberattack could involve artificial intelligence systems. It could even happen soon: At a recent cybersecurity conference, 62 industry …

MLL Investigating ‘Data Incident’ That Exposed Players’ Personal Information
US Lacrosse Magazine

Major League Lacrosse is investigating a “data incident” that exposed the personal information – including social security numbers, email addresses, …

Medical Identity Theft a Growing Threat
Greenville News

There were more data breaches in the health care sector in 2015 than in any other critical infrastructure sector, according to a new report from the …

Abbott Releases New Round of Cyber Updates for St. Jude Pacemakers
Reuters

NEW YORK (Reuters) – Abbott Laboratories said on Tuesday it will issue updates to reduce the risk of its St. Jude heart implants being hacked and to …

Uber Ditches Tracking Feature After Concern Over Customer Privacy
Fortune

Uber said it needed permission to always gather data in order to track riders for five minutes after a trip was completed, which the company believed …

Ransomware Behind NHS Lanarkshire Cyber-Attack
BBC News

It has been confirmed that ransomware was behind a cyber-attack on a Scottish health board which led to some appointments and procedures being …

Eighth Circuit Affirms Dismissal of Scottrade Data Breach Suit
JD Supra (press release)

The United States Court of Appeals for the Eighth Circuit recently affirmed the district court’s dismissal of a putative class action brought by customers …

Insider Threats Account for Nearly 75 Percent of Security Breach Incidents
Security Intelligence (blog)

CISOs and their teams have suspected it for years, but new security breach research showed that nearly three-quarters of incidents are due to insider …

Zazzle Resets “Thousands” of Accounts After Hackers Brute-Force Passwords
ZDNet

Dozens of data breaches, millions of people affected. … account usernames and passwords that were stolen from a breach of another unnamed site.

US Arrests Chinese Man For Multiple Cyber-Attacks
Silicon UK

US authorities have arrested a Chinese national on hacking charges related to … Computer security firms have said that the number of Chinese …

North Korean Hackers Reportedly Attack Bitcoin Exchange in South Korea
CoinTelegraph

Cyber hackers from North Korea have reportedly targeted Bitcoin … the attached malware will embed itself in the company’s computer networks.

Written by: Anthony E. Stewart, Esq.

Ransomware attacks, like other cyber-attacks, are occurring more and more frequently, and healthcare entities are common targets.  The U.S. Department of Health and Human Services Office for Civil Rights (OCR) has issued a quick-response checklist and infographic detailing steps a HIPAA covered entity or its business associate should take to respond to a cyber-related security incident.

1. RESPOND The entity must execute its response and mitigation procedures and contingency plans.

a. Immediately fix any technical or other problems to stop the incident.

b. Mitigate any impermissible disclosure of protected health information.

2. REPORT CRIME The entity should report the crime to criminal law enforcement agencies, which may include:

a. State or local law enforcement

b. Federal Bureau of Investigation

c. Secret Service

Any reports to law enforcement should not include protected health information, unless otherwise permitted by the HIPAA Privacy Rule.

3. REPORT THREAT The entity should report all cyber threat indicators to the appropriate federal agencies and information-sharing and analysis organizations (ISAOs), which include:

a. Department of Homeland Security

b. HHS Assistant Secretary for Preparedness and Response

c. Private-sector cyber-threat ISAOs

Any reports to these organizations should not include protected health information.

4. ASSESS BREACH The entity must assess the incident to determine if there is a breach of protected health information.  If a breach has occurred:

a. Affects 500 or more individuals.  The entity must report to OCR and the media as soon as possible, but no later than 60 days after the discovery of the breach.

b. Affects fewer than 500 individuals. The entity must report to OCR no later than 60 days after the calendar year of the breach.

If a breach has not occurred, the entity must document and retain all information considered during the risk assessment of the cyber-attack, including how it determined no breach occurred.

If you have experienced a cyber-related security incident or need assistance developing an Incident Response Plan, we can help.  Contact us today to learn more.

Compiled by: Richard Sheinis, Esq.

Is Someone Hacking our 7th Fleet? Navy to Investigate After USS John S McCain Collision
Fox News

Richardson made clear that there is no evidence of a hacking at this point, but some cyber experts have raised the possibility given the location of the …

3 Ways Blockchain Is Revolutionizing Cybersecurity
Forbes

… in value, its blockchain underpinnings have so far successfully withstood cyber-attacks for more than 8 years. … Consider, for example, the risk that WhatsApp and Telegram could have faced with a flaw based on image metadata.

NHS 1.2 Million Patient Name Database Hacked ‘to Expose Weaknesses’
SC Magazine UK

In typical Sun style, the article identifies the culprit as, “A computer geek with alleged links to global hacking group Anonymous,” and adds that “The …

Hacker Steals $475,000 Worth of Ethereum After Breaching Enigma Project
BleepingComputer

An unidentified hacker (or hackers) has taken control of the Enigma Project website, Slack channel, and mailing list, and tricked users into sending …

Amazon Brings Artificial Intelligence To Cloud Storage To Protect Customer Data
Forbes

Amazon has become the first public cloud provider to blend Artificial Intelligence with cloud storage to help customers secure data. The new service …

Personal Information of Nearly 2 Million Chicago Voters Exposed on Amazon Server
Fortune

The data was a back-up file stored on Amazon Web Services’ (AWS) servers and included partial Social Security numbers, and for some, driver’s …

IT Staffers May Have Compromised Sensitive Data to Foreign Intelligence
New York Post

What started out 16 months ago as a scandal involving the alleged theft of computer equipment from Congress has turned into a national-security …

Hacking the Home: How Connected Tech is Making Your Shack a Security Risk
TechRadar

“Data leakages undermine consumers’ trust in connected environments and … Mulchandani believes that if tech companies put security first, they can …

San Antonio Institute for Women’s Health Warns Patients Personal Data Compromised in Network Hack
mySanAntonio.com

“After the incident, IFWH implemented additional safeguards to improve data security on its web server infrastructure and reduce the risk of exploitation …

Alibaba Deploys Blockchain to Secure Health Data in Chinese First
CoinTelegraph

Taking place in the city of Changzhou, Ali Health will work with local government to use Blockchain to secure data in a pioneering approach.

How Hackers are Targeting the Shipping Industry
BBC News

The consequences of suffering from the NotPetya cyber-attack for Maersk included the shutting down of some port terminals managed by its subsidiary …

FBI Has Its First ‘Living Witness’ in Russian Hacking Investigation
Irish Times

The hacker, known only by his online alias “Profexer”, kept a low profile. He wrote computer code alone in an apartment and quietly sold his …

Compiled by: Richard Sheinis, Esq.

Uber Agrees to 20 Years of Privacy Audits After FTC Says it ‘Failed Consumers’
CNBC

Uber has settled with federal regulators that accused the start-up of “deceptive privacy and data security claims.” More than 100,000 names and …

86 Percent WhatsApp Users Exposed to Fraud, Hacking: Study
Deccan Chronicle

86 per cent WhatsApp users exposed to fraud, hacking: Study … Brigham Young University computer science PhD student who led the study.

Feds Charge Ex-Denali CTO Michael Leeper With Computer Fraud In Columbia Sportswear …
CRN

The U.S. Attorney’s office has charged ex-Denali CTO Michael Leeper (pictured) with one count of computer fraud, claiming that Leeper remotely and …

Anthem Breach Lesson: Why Granular Access Control Matters
BankInfoSecurity.com

… absolutely prevent a breach in any sort of operational business because you have to be sharing data – and people have to be working with that data …

Data Breach May Have Compromised Card Info for People Who Stayed at Denver, Winter Park Hotels
The Denver Channel

DENVER – If you stayed at the Magnolia Hotel in Denver or the Winter Park Mountain Lodge between August 2016 and March 2017, there’s a chance …

Beware Misconfiguration Errors: Little Slip-ups Can Have Huge Consequences
Healthcare IT News

In cybersecurity, that might not be the lack of the latest security technologies that cause a data breach but, instead, a simple misconfiguration in a …

TalkTalk Fined £100,000 for Wipro-Related Data Breach
European Communications (press release)

The UK’s Information Commissioner’s Office has slapped TalkTalk with a £100,000 fine for breaching the Data Protection Act. The fine relates to 2014, …

Letters Sent to Residents Affected by WARCOG Breach
Richland Source

WOOSTER – More than 100,000 people in Wayne and Ashland counties who were directly affected by the data breach of the Wooster-Ashland …

Israeli Firm Beats off New Generation of Cyberattacks
The Times of Israel

Hackers surreptitiously send RATs with remote access rights already … installing ransomware, in which hackers threaten to shut down computer or …

Researchers Hack a Computer Using DNA
Techworm

With each passing day, hackers are using innovative ways to breach cyber security systems. One such inventive method of hacking a computer is via …

Data Breach at Philly-area Ob/Gyn Practice Among this Year’s Largest Nationally
Philly.com

The personal data breach affecting 300,000 patients disclosed last month by Women’s Health Care Group of PA LLC was the third-largest reported …

New Jersey to Receive $5.5M in Nationwide Insurance Data Breach Settlement
Hackensack Daily Voice

New Jersey is among the 32 states including the District of Columbia that have entered into a settlement with Nationwide Mutual Insurance Company …