American Addiction Centers (AAC) has notified 422,424 individuals that their personal information was stolen in a cyber-attack attributed to the Rhysida criminal organization. The incident was discovered on September 26, 2024, and the notification letter to affected individuals confirmed that the information exfiltrated included names, Social Security numbers, and health insurance information. AAC is offering
Data Privacy + Security Insider
Latest from Data Privacy + Security Insider - Page 2
Ascension Health Notifying 5.6 Million of Data Breach
We previously reported that Ascension Health detected a cyber-attack on May 8, 2024, that affected clinical operations in Ascension facilities in six states.
On December 20, 2024, Ascension notified the Maine Attorney General in a regulatory filing that the attack compromised the personal information of 5.6 million individuals. According to Ascension, the incident occurred on…
Adobe Issues Patches for ColdFusion “High Severity” Vulnerability
Adobe recently issued a patch for a high-severity vulnerability for ColdFusion versions 2023.11 and 2021.17 and earlier; according to the National Institute of Standards and Technology (NIST), “an attacker could exploit this vulnerability to access files or directories that are outside of the restricted directory set by the application. This could lead to the disclosure…
Cl0p Exploiting Cleo Software
According to Cyberscoop, the cyber gang Cl0p “has claimed responsibility for attacks tied to vulnerabilities in software made by Cleo, an Illinois-based IT company that sells various types of enterprise software.” The gang claimed responsibility for the attacks on its website. The vulnerabilities affect Cleo’s products LexiCom, VLTrader, and Harmony. Cleo reportedly services approximately…
Colorado Amends its Consumer Privacy Rights Act
After the conclusion of the public comment period earlier this month, the Colorado Department of Law adopted amendments to the Colorado Privacy Act (CPA). The Act grants rights to Colorado consumers concerning their personal information, including the right to access, delete, and correct their personal data as well as the right to opt out of…
Supreme Court to Hear TikTok Case
The United States Supreme Court announced on December 18, 2024, that it will hear the TikTok ban case and has scheduled oral arguments for January 10, 2025, before the ban’s January 19, 2025 effective date.
The case stems from a bipartisan law signed by President Biden that required ByteDance, the Chinese-based parent of the app…
Privacy Tip #425 – Late Shoppers: Beware of Scammers Sending You to Fake Websites
Scammers prey on us at our most vulnerable. Although some of us are early holiday shoppers, others wait until the last minute. Scammers know this and are lurking to find late shoppers scrambling for gifts. Many late shoppers feel a bit desperate, so they are at risk of falling for scams that divert them to…
Conclusion of Copyright Office’s Report on Artificial Intelligence Delayed Until 2025
*This post was authored by Daniel Lass, law clerk at Robinson+Cole. Daniel is not admitted to practice law.
This week, Director Shira Perlmutter indicated that the publication of part two of the U.S. Copyright Office’s three-part report on copyright issues raised by artificial intelligence (AI) would be further delayed. In her letter to the…
Privacy Tip #424 – Recent Big Win for Law Enforcement Over Cybercriminals
I often get asked whether law enforcement is making any headway in catching cybercriminals. Although it is a challenging task, a recent example of a big win for law enforcement deserves celebration.
Authorities from 40 countries, territories, and regions came together to assist INTERPOL with a recent global cybercrime initiative known as Operation HAECHI-V. The…
OCR Active with Settlements and Enforcement Actions in November and Early December
The Office for Civil Rights of the Department of Health and Human Services (OCR) was busy negotiating and settling enforcement actions in November and early December. Since October 31, 2024, the OCR has settled five separate cases of alleged HIPAA violations. The settlements include resolution agreements and civil monetary penalties.
One of the settlements and…