Tag Archive for: failing

In What Could Be a Trend, Ransomware Operation Files SEC Complaint Against Victim for Failing to Timely Disclose Cyberattack


Ransomware operation AlphV/BlackCat has filed a U.S. Securities and Exchange complaint against one of its alleged victims, MeridianLink, for allegedly failing to comply with the four-day rule to disclose a cyberattack.

AlphV/BlackCat listed the software company on its data leak with a threat that it would leak allegedly stolen data unless a ransom is paid within 24 hours. MeridianLink provides digital solutions for financial organizations such as banks, credit unions and mortgage lenders.

Source…

Scripps Health was attacked by hackers. Now, patients are suing for failing to protect their health data


It took several weeks for Scripps Health to get its computer network and medical records system back online after it was hit with a ransomware attack May 1.

Now, the five-hospital health system is facing several class-action lawsuits from patients who charge that system leaders failed to keep their medical data safe from hackers.

San Diego-based Scripps Health was besieged by a cyberattack that forced the health system to take a portion of its IT system offline for several weeks, which significantly disrupted care and forced medical personnel to use paper records. 

But the cybercriminals didn’t just disrupt operations; the hackers also stole data on close to 150,000 patients, the health system said earlier this month.

Scripps Health notified 147,267 patients that hackers acquired some health and personal financial information during last month’s ransomware attack.

A lawsuit filed Monday in the Southern District of California on behalf of patients Michael Rubenstein, Richard Machado and others accuses the health system of negligence and invasion of privacy as a result of the data breach.

RELATED: Before attacking IT systems, hackers stole information from 147K patients, Scripps Health says

The personal information—including names, drivers’ licenses and Social Security numbers and/or patient care records of nearly 150,000 Scripps Health patients—was compromised in the massive data breach, according to Oakland, California-based law firm Scott Cole & Associates, which is representing the plaintiffs in the case.

“That medical histories were accessed in this data hack makes this situation unique,” Scott Cole, the principal attorney on the case, said in a statement. “Despite hundreds of data breaches every year in this country, most do not involve such highly sensitive patient information as was obtained here.”

The lawsuit claims Scripps Health maintained inadequate security measures for detecting and addressing the cyberattack, especially given knowledge of a heightened threat.

In addition to monetary damages, the suit demands Scripps Health implement and maintain sufficient security protocols going forward so as to prevent future attacks. 

A Scripps Health…

Source…

Knight First Amendment Institute Sues The CDC For Failing To Provide Details Of Its Media Gag Order

We’ve talked quite a bit about the importance of clear and transparent government during the COVID-19 pandemic, and how China’s (ongoing) refusal to allow for people to speak out almost certainly contributed to the pandemic becoming even worse. And now the same situation has been showing up across the US as well. We’ve talked about hospitals firing doctors and nurses for speaking out about supply shortages, and now there’s news that the US Navy fired the captain of the USS Theodore Roosevelt, Brett Crozier, after he sent his bosses a letter pleading for help as COVID-19 was spreading throughout his crew. Rather than recognize that he was pleading for help, they fired him… because his letter got out to the media and it made them look bad.

The Navy fired the captain of the USS Theodore Roosevelt on Thursday, four days after he pleaded for help as the coronavirus ravaged his crew, the Navy announced.

Acting Navy Secretary Thomas Modly announced that Navy Capt. Brett Crozier was relieved for loss of confidence.

“I just know that he exercised extremely poor judgment,” Modly said.

But, perhaps the worst of all appears to be the gag order on actual infectious disease experts within the US government. Back in late February, when VP Mike Pence was first put officially in charge of responding to the COVID-19 threat, it was quickly reported that the White House had put in place a media gag order on all government officials, saying that all communication had to go through Pence’s office. Indeed, various media appearances were cancelled by top CDC officials.

In response to this, the Knight First Amendment Institute at Columbia had sent a detailed FOIA request asking for any records regarding policies and procedures governing public communications by CDC employees and contractors, as well as a variety of related items, including instructions sent by the CDC’s Public Affairs office. Having not received a response, the Knight Institute has now sued the CDC demanding it turn over the information as soon as possible. Given the situation, you can see why this might be pretty damn urgent.

We are in the midst of a global pandemic. The novel coronavirus—and the disease that it causes, COVID-19—has spread to all fifty states. According to the Johns Hopkins Coronavirus Resource Center, as of April 2, more than 215,000 people in the United States have been diagnosed with COVID-19, and more than 5,000 people have died from it. At a White House press conference on March 31, a member of the Coronavirus Task Force stated that they expected 100,000 to 240,000 deaths from COVID-19, even with mitigation efforts.

In the face of this public health emergency, the White House has restricted the flow of information from the CDC—the nation’s public health agency—to the public. According to recent news stories, scientists and health officials at the CDC must now coordinate with the Office of Vice President Mike Pence before speaking with members of the press or public about the pandemic. These stories have raised concerns that public health experts who know most about the risks to the public are not being permitted to speak candidly and that the information the government is now conveying may be incomplete, inaccurate, or misleading.

The CDC itself imposes unusually stringent restrictions on the ability of CDC employees to speak to the press and public. In 2017, Axios published text from a CDC policy announcing that “any and all correspondence with any member of the news media, regardless of the nature of the inquiry, must be cleared through CDC’s Atlanta Communications Office.”

As the lawsuit notes, the CDC denied “expedited” status to the Institute’s FOIA request claiming — somewhat ridiculously — that the Institute “failed to show that there is an imminent threat to the life or physical safety of an individual.” Yeah, not an individual, but to fucking everyone. Just… look around, dammit. The fact that we can’t get straight answers from people at the CDC is contributing to this mess we’re in today where thousands of people are dying and many tens of thousands more are expected to. It seems pretty damn petty for the CDC to quibble over this. But they are doing so, and hence, they’re getting sued.

Techdirt.