Queen Creek Medical Center (QCMC), also known as Desert Wells Family Medicine, located in Arizona, has notified up to 35,000 patients of a data breach following a ransomware attack that corrupted its medical records system, leading to a loss of a significant number of records. According to a letter sent to patients, QCMC discovered that during the ransomware attack, the threat actor corrupted the data and QCMC’s back-ups, and despite efforts to repair and restore…

Data Privacy + Cybersecurity Insider

FabFitFun Settles Class Action for $625,000 for Alleged Data Security Failures

By Kathryn Rattigan

September 16, 2021

FabFitFun, a fashion and beauty subscription service, settled claims that it failed to adequately protect and secure consumer data resulting in a data breach for a sum of $625,000 in the U.S. District Court for the Central District of California. In addition to agreeing to the monetary settlement, FabFitFun agreed to implement security measures, including engaging a third-party cybersecurity forensic vendor to conduct a risk assessment, offer multi-factor authentication for customers to access their accounts,…

Data Privacy + Cybersecurity Insider

OCR Announces 20th Settlement Under Right of Access Initiative

By Linn Foster Freedman

September 16, 2021

The Office for Civil Rights (OCR) recently announced that it has entered into the 20th settlement under its Right of Access Initiative. The settlement with Children’s Hospital and Medical Center in Nebraska includes an $80,000 payment by the hospital for failing to provide a mother with timely access to her daughter’s medical records. According to OCR, after the mother first requested the records, the hospital provided her with some of the records, but failed to…

Data Privacy + Cybersecurity Insider

Few Organizations are Actually Preparing for a Ransomware Attack

By Linn Foster Freedman

September 16, 2021

Although executives of organizations report that ransomware is their number one security concern, and 87 percent of them expect an increase in cyber-attacks against their organizations over the next year, only one-third of them said they had conducted a tabletop exercise to prepare for a ransomware attack. According to a survey of 50 executives, Deloitte found that although ransomware and cyber-attacks remain a top concern for executives, 54 percent of the executives surveyed stated that…

Data Privacy + Cybersecurity Insider

Ohio City Considering Anti-Drone Voyeurism Law

By Kathryn Rattigan

September 16, 2021

Recently, the Hamilton City Council in Ohio proposed a new local ordinance that would specifically prohibit the use of drones to commit voyeurism in response to complaints from a resident that someone in his neighborhood was harassing individuals with a drone by recording images. The complainant explained to the Council that a man was operating a drone and peering into windows in his neighborhood, flying over children playing in their yards and even chasing a…

Data Privacy + Cybersecurity Insider

Privacy Tip #300 – Apple iPhone Users: Update Your iPhone iOS ASAP

By Linn Foster Freedman

September 16, 2021

We have noted before how important it is to update the operating system (OS) on your mobile phone as soon as you receive notice from the manufacturer. This week, Apple issued an update to the iOS that is considered urgent. Apple released two patches this week to address two security vulnerabilities in iPhones, including to protect against Pegasus spyware and WebKit, which is related to how Safari is displayed on screens. The first patch aims…

Data Privacy + Cybersecurity Insider

FBI Warns of Hive Ransomware Following Attack Against Hospital System

By Linn Foster Freedman

September 2, 2021

On August 25, 2021, the FBI issued a Flash Alert to warn companies, especially in the health care industry, about the proliferation of attacks by threat actors using Hive ransomware. According to the Flash Alert, Hive was first observed in June 2021: “Hive ransomware uses multiple mechanisms to compromise business networks, including phishing emails with malicious attachments to gain access and Remote Desktop Protocol (RDP) to move laterally once on the network.” “After compromising a…

Data Privacy + Cybersecurity Insider

Irish DPA Hits WhatsApp with $266M Fine for Alleged GDPR Violations

By Linn Foster Freedman

September 2, 2021

When GDPR became effective three years ago, companies took notice of the fines and penalties attached to violations of the stringent privacy law—4 percent of global annual sales. The fines have been racking up, including the most recent one by the Irish Data Protection Commission against WhatsApp—$266 million. WhatsApp is owned by Facebook. The fine follows what the Data Protection Commission says were violations by WhatsApp in the way it provided notice on how it…

Data Privacy + Cybersecurity Insider

Voyage of Autonomous Ship in Japan; First to Set Sail in Area with Heavy Marine Traffic

By Kathryn Rattigan

September 2, 2021

In 20 years, could it be possible that 50 percent of all domestic ships on Japan’s coastal waters will be piloting themselves? Absolutely. A public interest organization in Japan, the Nippon Foundation, seeks to accomplish just that. The Foundation is backing Japan’s development of autonomous ships with the goal of making up 50 percent of Japan’s local fleet by 2040. To reach this goal, in February 2022, a group of vessels, including Japan’s largest shipping…

Data Privacy + Cybersecurity Insider

Privacy Tip #299 – Creepy SpyFone Banned by FTC

By Linn Foster Freedman

September 2, 2021

In a second case against stalkerware apps and the first where the FTC has banned a company from doing business, the FTC announced on September 1, 2021, that it has “banned SpyFone and its CEO…from the surveillance business over allegations that the stalkerware app company secretly harvested and shared data on people’s physical movements, phone use, and online activities through a hidden device hack.” According to the FTC’s press release, “The company’s apps sold real-time…

Data Privacy + Cybersecurity Insider

Leveraging Knowledge to Manage Your Data Risks

Blog Authors

Medical Center Rebuilding EMR Following Ransomware Attack

FabFitFun Settles Class Action for $625,000 for Alleged Data Security Failures

OCR Announces 20th Settlement Under Right of Access Initiative

Few Organizations are Actually Preparing for a Ransomware Attack

Ohio City Considering Anti-Drone Voyeurism Law

Privacy Tip #300 – Apple iPhone Users: Update Your iPhone iOS ASAP

FBI Warns of Hive Ransomware Following Attack Against Hospital System

Irish DPA Hits WhatsApp with $266M Fine for Alleged GDPR Violations

Voyage of Autonomous Ship in Japan; First to Set Sail in Area with Heavy Marine Traffic

Privacy Tip #299 – Creepy SpyFone Banned by FTC

Stay Connected

Company

Products

Support

New to the Network