Whose data does GDPR protect?

General Data Protection Regulations became a part of EU law in May 2018. Before GDPR, European data protection laws were deemed unable to mitigate the risk of data theft. Furthermore, individuals had few rights over their data. EU lawmakers sought to revolutionise the data security landscape and introduce new regulations that were more fit to … Read more

Press America Inc Faces Lawsuit Over HIPAA Breach

Press America, Inc, a mail service used by a pharmacy benefit manager CVS Pharmacy, is being sued for the occurrence of an accidental disclosure of 41 people’ protected health information. As a subcontractor to supply a mail-order pharmacy service for the health planCVS Pharmacy is a business associate of health plan CVS Pharmacy and, as such, … Read more

Medical Data from Closed Pennsylvania Obs/Gyn Clinic Found at Allentown Public Recycling Center

Private Medical Data has been found at a recycling center in Allentown, Pennsylvania. Paper files containing names, Social Security numbers, and medical histories, including details of cancer diagnoses and sexually transmitted diseases were located that the center by a city worker. The medical files appear to have belonged to Women’s Health Consultants, an obstetrics and gynecology … Read more

12,172 Individuals Impacted by ShopRite Data Breach

Pharmacy customers of ShopRite Supermarkets, Inc. have been impacted by a security violation caused by the improper disposal of a device used to record the signatures of customers. The device was used at the ShopRite, Kingston, NY location during the time period from 2005-2015 and saved personal and medical details. Customers who went to the … Read more

Extortion Attack on Private Information of Sports Medicine Clients

7,000 patients of Sports Medicine & Rehabilitation Therapy (SMART) have been alerted of a possible breach of the private personal information. It is believed the breach, which involved an extortion attempt, may have impacted anyone whose information was taken during a visit to a SMART center before the last day of 2016. The extortion attempt … Read more

Iliana Peters Now Acting Deputy at the OCR

OCR’s Iliana Peters has stepped in to replace Deven McGraw, Deputy Director for Health Information Privacy at the Department of Health and Human Services’ Office for Civil Rights (OCR), in an interim role. Peters will serve as Acting Deputy Director until a suitable replacement for McGraw can be identified. Peters has departed her role as … Read more

Survey finds US and UK Companies Slow to Prepare for GDPR Compliance

A recent survey, conducted by Dimensional Research, has revealed that the levels of unpreparedness for both US and UK firms for compliance with the EU’s General Data Protection Regulation (GDPR) are high. Results seen in both the UK and US studies confirm the clients’ fears about the difficulty of privacy management. It also backs up … Read more

HIPAA Alliance Marketplace Matches Healthcare Organizations With HIPAA-Compliant Business

This week has seen the launch of a new platform that streamlines the process of searching for HIPAA-compliant business associates. The HIPAA Alliance Marketplace has been developed to match HIPAA covered entities with trusted vendors that have been independently verified as HIPAA-compliant. Healthcare organizations are required to comply with Health Insurance Portability and Accountability Act … Read more

HIPAA Compliant Business Associates Easier to Locate with New Tool

The challenge of finding HIPAA compliant business associates has been addressed with the introduction of a new tool to simplify this task. Healthcare organizations are only allowed to use business associates that comply with HIPAA Rules and sign a business associate agreement. Finding HIPAA compliant business associates is time consuming, although locating vendors willing to follow … Read more

FinSpy Malware Installed Using Adobe Flash Player Uopdate Flaw

Last week software giant Adobe issued a new patch for Flash Player to address an actively exploited weakness (CVE-2017-11292) that is being targeted by the hacking group Black Oasis to install FinSpy malware. Finspy is strictly not defined as malware, it is a legitimate software program developed by the German software company Gamma International. However, … Read more

New MyEtherWallet Phishing Attacks Witnessed

A new wave of MyEtherWallet phishing attacks has been witnessed which use a convincing domain and MyEtherWallet branding to trick MyEtherWallet users into sharing their credentials and providing criminals with access to their MyEtherWallet accounts. In the initial hours of the phishing campaign, the criminals responsible for the scam had obtained more than $15,000 of … Read more

1300 People Impacted by RiverMend Health Breach

An unauthorized person has been found to have obtained access to the email credentials of one the  employees at RiverMend Health, a provider of specialty behavioral health services including services for drug and alcohol addiction. The unauthorized access was discovered by the Augusta, GA-based group on August 10, 2017, when it was noticed that suspicious … Read more

Improperly Configured Cloud Services in Over Half of Businesses

The healthcare sector has made great waves recently in embracing cloud based technology. Most healthcare groups now implementing secure cloud storage services to host web applications or store data which contains electronic protected health information (ePHI) pertaining to subscribers. However, as the proliferation of secure cloud storage systems continues at pace, it does not mean … Read more

Almost 500K Records Exposed in September Healthcare Data Breaches

The Breach Barometer report from for September has been released and shows there was a significant increase in healthcare data breaches during that month. The report collates healthcare data violations reported to the Department of Health and Human Services’ Office for Civil Rights (OCR) and security breaches recorded by databreaches.net. The latter of which have … Read more

Advisory Issues by Department of Education Regarding Hacking and Extortion Threats

TheDarkOverlord hacking group has, in recent time, been targeting K12 schools; obtaining access to networks, stealing data and trying to extort money. As a reaction to the hacking and extortion threats, the U.S. Department of Education has released an advisory to K12 schools and has issued guidance to help educational institutions mitigate danger and safeguard their … Read more

HIPAA Compliance and Skype: What You Need to Know

Skype and other text messaging platforms are a useful way of broadcasting information, but there are some questions to be answered in relation to HIPAA compliance of the service. There has recently been a lot of discussions and debate regarding this. There are security measure implemented by Skype to prevent unauthorized access of information transmitted … Read more

U.S. Organizations Targeted by FormBook Malware Campaign

Specific industry sectors in the United States and South Korea have been the main targets in the Formbook malware attacks. However there has been some worry that the malware will be used in more widespread cyberattacks around the world. So far, the Aerospace industry, defense contractors, and the manufacturing sector have been widely targeted; however, … Read more

PHI Exposure May Have Happened Following Theft of Unencrypted Laptop

Exposure of patients’ protected health information may have occurred after an unencrypted laptop computer was stolen from a car belonging to an employee of Bassett Family Practice in Virginia. The theft of the laptop is thought to have occurred during the weekend of 12/13 August. Patients were warned of the exposure of their private date … Read more

Zero Day Vulnerabilities Exploited by Microsoft Patches

This Patch Tuesday has seen Microsoft release several updates for serious vulnerabilities, some of which are being constantly exploited in the open. Microsoft is pleading with companies to apply the patches now to keep their systems safe. Some of the vulnerabilities are simple to exploit, requiring little experience or knowledge Overall, 62 vulnerabilities have been … Read more

Public Whois Registry Likely to be Affected by GDPR

The EU GDPR Law will have a significant impact on the businesses that process and manage EU citizens’ data. WHOIS is a member of Domain Name sector that is likely to be affected by the new data protection legislation. The introduction of these new laws will be a delicate process for companies as they work … Read more

Proposed Rule for Certification of Compliance for Health Plans Withdrawn by HHS

The Department of Health and Human Services, at the start of 2014, completed a proposal for introducing a new rule to bring in an official certification of compliance for health plans. The proposed rule would have obligated all controlling health plans (CHPs) to complete a variety of documentation to HHS to confirm compliance with electronic … Read more

GDPR to be incorporated in new UK Data Protection Bill

The British Government has completeded the Data Protection Bill that aims to align the country’s data protection regime with the soon to be introduced European Union General Data Protection Regulation (GDPR). This will allow UK citizens to have more control over their private personal information and impose harsher penalties on the companies that breach the laws. The Bill … Read more

Matrix Ransomware Campaign Detected by Security Researcher

A new Matrix ransomware malvertising campaign has been detected by security researcher Jérôme Segura. The campaign employs malicious adverts to send users to a site hosting the Rig exploit kit. Flash and IE weaknesses are exploited to install the malicious file-encrypting payload. The Matrix ransomware is not a threat that hasn’t been seen before, having … Read more

Redlock Report: Cloud Storage Services are Misconfigured in over Half of Businesses

According to a recent study by cloud threat defense firm RedLock, more than half of businesses have made mistakes that have exposed sensitive data in the cloud. The report reveals that as muc as 53% of organizations are not following established security best practices, such as using multi-factor authentication for all privileged account holders. Worse again, many … Read more

Hackers Able to Gain Access Using New Rowhammer Exploit

The Rowhammer exploit was first identified three years ago and was seen enabling hackers to access devices by using DRAM memory cells. Rowhammer attacks uses the close proximity of memory cells, making them leak their charge and change the make up of neighboring memory cells. The cyber attack involves sending constant read-write operations using carefully … Read more

Yahoo Data Breach Saw 3 Billion Accounts Breached in 2013

After it was first discovered the 2013 Yahoo data violation was quickly found to have affected many of the company’s customers and in December 2016 it was announced that 1 billion accounts had been compromised. In September 2016, prior to that announcement, a separate breach was discovered that affected approximately half a billion email accounts. … Read more

51,000 Plan Members Affect by Network Health Phishing Attack

Network Health, a Wisconsin-based insurer, has contact 51,232 of its plan members to advise them that some of their protected health information (PHI) hmay have been obtained by unauthorized persons. Last August,  a number of Network Health staff members received sophisticated phishing emails. Two of those members of staff replied to the scam correspondence and handed … Read more

U.S. Organizations Targeted by FormBook Malware Attacks

The majority of Formbook malware cyber attacks have focused on specific industry sectors in the United States and South Korea, but there is some worry that the malware will be employed in more attacks worldwide. So far, the Aerospace industry, defense contractors and the manufacturing sector have been mainly targeted; however, attacks have not been … Read more

Multi-Function Printers Flaw Risks Password Security

Ruhr University Researchers have uncovered significant security flaws in multi-function printers which may be exploited remotely by hackers to shut down the printers, or more worryingly, modify documents or steal user passwords. Hackers might aslo exploit the flaws in order to physically damage printers. The security flaws have already been found in HP, Lexmark and … Read more

Should Identity Theft Protection Services Be Offered to Data Breach Victims Under HIPAA?

The HIPAA Breach Notification Rule stated that covered bodies must advise people once their ePHI has been compromised. It is less clear if it is a requirement that credit monitoring and identity theft protection services should be be offered to those affected. HIPAA does not stata outright whether credit monitoring and identity theft protection services should be … Read more

GDPR Leads Lloyds to Alter Marketing Campaigns

Lloyds Banking Group has taken steps to introduce new marketing campaigns due to the coming introduction of the European Union’s GDPR legislation, a new set of guidelines on data privacy and security. Lloyds is moving from product-focused campaigns to the content-focused strategies in line with the GDPR legislation. Lloyds is one of the groups that has … Read more

OCR Issue Clarification on HIPAA Disclosure Rules

The Department of Health and Human Services’ Office for Civil Rights OCR, has, following the recent attacks in Las Vegas, moved to issue a clarification on HIPAA Rules regarding disclosures to family, friends and other people. In the aftermath of Hurricane Irma and Hurricane Maria, OCR issued a partial waiver of certain provisions of the … Read more

Patch Issued for Actively Exploited Drupal Vulnerability

A patch for a vulnerability in Drupal (CVE-2017-6922) that has been activiley exploited for some months was released in June 2017. The flaw affects Drupal v 7.56 and 8.3.4. Drupal was aware of the flaw, an access bypass vulnerability, since October 2017. It is possible for the flaw to be exploited on misconfigured websites, permitting … Read more

Cybercriminals with Nation-State Support Responsible for Yahoo Attack

InfoArmor has claimed that data from the Yahoo breach of over one billion user accounts has already been purchased on the black market by multiple third parties on numerous occasions. Although Yahoo argues that a nation-state sponsored group was responsible for the hack, research carried out by InfoArmor’s indicates otherwise and a number security experts … Read more

Global Reports of WannaCry Ransomware Attacks

There has been a huge increase in WannaCry ransomware attacks around the globe, including a new campaign being launched on Friday the 13th of May 2017. Unlike previous WannaCry ransomware attacks, the present campaign takes advantage of a vulnerability that is found in Server Message Block 1.0 (SMBv1). Zero day exploits are often employed by … Read more

US-Certs: SSL Inspection Tools Might Make Cybersecurity Weaker

A recent warning issued by US-CERT has advised that SSL inspection tools may actually do the opposite of what they are intended for; i.e. they might serve to weaken the cyber defenses of healthcare organizations’ rather than strengthen them – by making their computer systems more at risk of man-in-the-middle attacks. It should be noted … Read more

Rapid Account Verification Being Offered by New Twitter Credit Card Phishing Scam

Proofpoint, the cybersecurity firm, has confirmed that is has discovered a new Twitter credit card phishing scam. Users of the social media platform Twitter are being offered verified account status via native Twitter ads; the catch being that signing up requires the provision of credit card details, which are then communicated to the attackers. Obtaining … Read more

Windows Dialog Box Mimicked By Newly Discovered Trojan Downloader

Dr. Web, a Russian antivirus firm has recently discovered a new Trojan downloader. The malware uses a popup Windows ‘Save As’ dialog box to install malicious payloads, which have thus far all been adware. The malware, dubbed “Trojan.Ticno.1537”, installs variety of adware together with a malicious extension for Google Chrome. According to Dr. Web, the … Read more

Wi-Fi Routers Infected by Switcher Trojan through Android Mobiles

Kaspersky Lab has identified a highly dangerous new Trojan which has been used to attack Wi-Fi routers through Android devices. The new form of malware, which has been dubbed the Switcher Trojan, is presently being employed to attack routers based in China. Nonetheless, Kaspersky Lab researchers have warned that the new malware could indicate a … Read more

Erie County Medical Center Patients Put at Risk by Apparent Ransomware Attack

Ashland Women’s Health confirmed in April 2017 that it had been the victim of a significant ransomware attack.19,272 Ashland patients were affected. This followed confirmation the previous week that ABCD pediatrics ransomware attack had put 55,447 patients at risk. On Sunday 9th April, a third healthcare provider became aware that it had received a ‘virus’ … Read more

San Francisco Transport System Ransomware Attack Reported

A ransomware attack on the San Francisco Transport System in November 2016 resulted in the encryption of computers used by the city’s light rail system. The criminals responsible for the attack demanded ransom of 100 Bitcoin (approxiately $70,000) for the key to unlock the encryption. The San Francisco Municipal Transportation Agency (SFMTA) stated that although … Read more

Investigation into Ransomware Infection Affecting 19,000 People

One of Highmark Blue Cross Blue Shield’s (Delaware) subcontractors has fallen victim to a ransomware infection and cyberattack that may have put private information relating to almost ninetenn thousand beneficiaries of employer-paid health plans at risk. The attack happened on the 5th of August 2016 at Highmark BCBS subcontractor Summit Reinsurance Services, however affected individuals … Read more