Apr 212018

Eugenia Estes reports:

Annual state-mandated assessment testing did not get off to the best start this week for many systems, including Greene County Schools, due to what is being investigated as a cyber attack on the company that handles online TN Ready testing for the state.

Although there were some disruptions to the testing for some students in Greene County Schools on Monday and Tuesday, testing did continue and students were able to finish their exams, according to Julia Lamons, data supervisor for the district.

Read the full report on Greenville Sun.

Regular readers may recall that Questar was mentioned on this site earlier this year when they had a breach that affected a number of schools in Mississippi and New York. Although it has not been confirmed that Questar was attacked this past week, from the reporting on the Greenville Sun, it does sound like it is likely.

Update:  So, it’s more than just Tennessee, it seems. I’m still getting caught up with news, but it appears that seven states may have been impacted, including New YorkSouth Dakota, Mississippi,  and Missouri. Two other states were not as “negatively affected.

So clearly there needs to be a deep investigation into what happened and how the vendor can prevent a recurrence of the problem.

Apr 202018

BBC reports:

A teenager who tricked his way into obtaining the email and phone accounts of senior US intelligence officials has been sentenced.

Kane Gamble, 18, targeted CIA, FBI and US Department of Justice databases from his bedroom in Leicestershire.

The Old Bailey was told Gamble, who has admitted a number of charges, damaged the “effectiveness” of the wider law enforcement community.

He will serve two years at a youth detention centre.

Read more on BBC.

Apr 192018

Fox47 reports:

An attack on Ingham Intermediate School District’s online network and the person police say is responsible was one of its own students. The incident happened in February 2017.

On Wednesday FOX 47’s Alani Letang learned more on that student, who now faces criminal charges after shutting down the district’s internet servers.

Police say 19-year old Brandon Barlett targeted the district in a ransomware attack. That attack didn’t put students or staff in danger but did affect the day to day operations of the school district.

“A couple hours in the morning a couple in the afternoon over a period of ten days is between 30-40 hours that the internet was down. The impact of teaching and learning of students and the productivity of our school employees,” said Scott Koenigsknecht- Ingham Intermediate School District Superintendent

Read more on Fox47.

Apr 182018

Let’s remember that k-12 school districts often maintain medical information on their employees, as this notification from Victoria Independent School District in Texas reminds us.

In this case, some employee email accounts were inappropriately accessed between July and October 2017. Some of the emails in those accounts contained employees’ personal information, including “name, address, Social Security number, government-issued identification number, financial account information, and/or medical information.”  You can read the full notification, below.  The district offered those affected services with ID Experts:

Apr 182018

Polk County Health Services, Inc., in Iowa recently started notifying 1,071 patients seen at the Crisis Observation Center in Des Moines, Iowa between June 1, 2014 and January 11, 2018. According to a statement issued on April 13,  Polk County Health Services, Inc. “accidentally and unknowingly disseminated” personal and protected health information for patients seen during that time period.  They first became aware of the breach on February 14, 2018.

The information unknowingly disclosed includes: full name, home address, Social Security number, Medicaid identification number, date of admission to the Crisis Observation Center and discharge location. The statement from PCHS indicates that they do not have evidence the information was improperly used.

PCHS’s notification did not explain how the data were accidentally disseminated, nor how PCHS discovered the breach on February 14, 2018.  Email requests for clarification to the Executive Director of Polk County Health Services, Inc. and to the Privacy Officer for Polk County Health Department Director have been unanswered as yet. The incident has been reported by PCHS to HHS and appears on HHS’s public breach tool.

You can read the entire notice from PCHS’s web site, below: