The European Union's latest regulatory framework targeting the financial sector, called the Digital Operational Resilience Act, went into effect today, aiming to strengthen the cyber resilience of financial firms - such as banks, insurers and investment firms - and avoid disruptive IT outages.
Biotech firm Enzo Biochem has agreed to pay $7.5 million to settle a consolidated proposed class action lawsuit involving a 2023 ransomware attack affecting 2.5 million people. The company has already paid $4.5 million in fines to three state attorneys general for the same incident.
Wolf Haldenstein Adler Freeman & Herz LLP, a law firm that represents consumers in data breach lawsuits, has reported to regulators its own 2023 hack affecting more than 3.4 million individuals. The incident isn't the first time a law firm that handles data breach litigation reported a major hack.
The European Union's most comprehensive digital and cyber risk regulations for the banking industry are set to come into force on Jan. 17, but only about 20% of EU financial services firms are ready to comply. Experts discuss implementation challenges and offer advice for non-compliant FIs.
A medical supply firm will pay $3 million to settle issues found by a HIPAA investigation into a breach. Also, a public health system will pay $60,000 to resolve a right-of-access dispute. The cases are among the latest in a spate of HIPAA enforcement actions as the Biden administration wraps up.
Six months after a ransomware attack temporarily crippled its blood donation and distribution activities, Florida-based nonprofit OneBlood is reporting a data breach to regulators that affected donors' personal information. Why is the incident reawakening healthcare supply chain concerns?
A Florida-based behavioral health holding company has paid federal regulators a $337,750 HIPAA settlement for a 2018 incident involving the deletion of electronic protected health information pertaining to nearly 3,000 patients. How should other entities avoid these data loss situations?
Washington state's attorney general filed a consumer protection lawsuit against T-Mobile over a massive 2021 data breach that exposed personally identifiable information for more than 79 million consumers, alleging in part the telecom failed to correctly notify victims.
An Indiana dental practice agreed to pay the state $350,000 and implement a long list of data security improvements following an alleged 2020 ransomware breach "cover up" that came to light when state regulators investigated a patient complaint about unfulfilled requests for dental X-rays.
A security snafu at a Volkswagen subsidiary exposed vehicle information and ownership details on approximately 800,000 cars, including precise location data and owners' personal profiles. A whistleblower found a vulnerability in the cloud storage accounts of Volkswagen subsidiary Cariad.
Seven months after a ransomware disrupted its IT systems for weeks, Catholic hospital chain Ascension Health is now notifying nearly 5.6 million current and former patients and employees that the incident - which also involved data theft - potentially compromised their information.
ConnectOnCall, which operates a communication platform that connects patients with healthcare providers during off-hours, is reaching out to nearly 1 million people about a breach that compromised their sensitive health information. The Wilmington, Del.-based firm reported the breach on Dec. 11.
Potentially hundreds of thousands of Rhode Islanders are affected by an attack on RIBridges, the state's IT system for health and human service benefits, including Medicaid. Cybercriminal group Brain Cipher claims to have stolen 1 terabyte of data from Deloitte, which manages the RIBridges system.
A breach that exposed the personal information of nearly 1.6 million patients of a Puerto Rico-based clearinghouse has led to a $250,000 financial settlement with federal regulations for multiple HIPAA violations. The 2019 leak has cost Inmediata Health $2.7 million in fines and civil settlements.
A Massachusetts hospital is notifying 316,000 people that their information was compromised in a cyberattack discovered nearly a year ago during Christmas 2023. Cybercriminal group Money Message claimed that it stole 600 gigabytes data, posting patient and employee records on the darkweb.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.com, you agree to our use of cookies.
