Ohio State University email gaffe creates a FERPA breach

An email gaffe due to not using bcc: instead of cc: or TO:  revealed almost 400 Ohio State University students’ disability status to other students.  Read the story on The Lantern. Note that this is a FERPA issue, and there really is no requirement for breach notification to those impacted, but the unintended disclosure...

Salt Lake IT worker arrested, charged with sharing info on undercover officers

Another really serious insider-wrongdoing breach, if the allegations are true. Hayley Crombleholme reports: Salt Lake City Police Chief Mike Brown called allegations that a city employee accessed the names of undercover officers, metro gang files, and other restricted documents “very concerning.” The man was identified in a probable cause document as Patrick Driscoll, an...

PA: Westmoreland County Children’s Bureau employee facing charges for accessing info to tip off a relative of investigation

Hometown2 reports: An Aultman woman is facing charges in Westmoreland County for accessing information from the state’s anonymous Childline and tipping off a relative in relation to a child welfare probe. The Trib reports that 39-year-old Rebecca D. Walker allegedly accessed the system through her job with the Westmoreland County Children’s Bureau.  The report...

Email breach at vendor to alliance of dental practices impacts numerous practices, more than 170,000 patients

For the second time in the past year, an alliance serving dental practices has been hit with a cyberattack.  Last year’s attack impacted patients at Kids First Dentistry & Orthodontics, a subsidiary of Professional Dental Alliance  of Connecticut.  They reported a a ransomware attack on First Impressions Orthodontics impacted their patients. This year, a...

Chico State employee charged with hacking, leaking vaccine exemption requests

Austin Herbaugh reports: A Chico State employee has been charged with criminal hacking after officials say he leaked vaccine exemption requests and personal information from some students. 22-year-old Alejandro Benitez is accused of publishing a list of Chico State students who applied for a religious exemption from the university’s COVID-19 vaccine requirement. Read more...

44% of Healthcare and Pharmaceutical Organizations Have Experienced a Data Breach Caused By a Third Party in the Last 12 Months

 SecureLink, a leader in critical access management, has released a new report titled “A Matter of Life And Death: The State of Critical Access Management in Healthcare,” revealing that third-party attacks in healthcare are on the rise and fundamentally threaten not just highly sensitive medical data, but patient care. The report, which includes data...

Why Not Hold Ransomware Attackers Hostage for a Change?

Mark Rasch writes about a fourth option for ransomware victims in terms of response: … what happens in the case where you are able to identify—either by name, location, computer, IP address, MAC address or otherwise—the individual(s) responsible for the ransomware, extortionware or electronic demand for payment? Right now, a ransomware victim has few...

US Government warns of BlackMatter ransomware attacks against critical infrastructure

Graham Cluley writes: The US Government has issued an alert to organisations about the threat posed by the BlackMatter ransomware group. The government’s Cybersecurity & Infrastructure Security Agency (better known as CISA) issued the advisory earlier this week, following a series of BlackMatter ransomware attacks since July 2021 targeting US critical infrastructure, including two American organisations...