Updates on data breaches in healthcare and the school system. T-Mobile’s data protection lawsuits are aiming for consolidation.


At a glance.

  • T-Mobile’s lawsuits for data protection violations are heading towards consolidation.
  • Data exposure in a school system in Saskatchewan.
  • Georgia healthcare provider has been criticized for poor preparation for ransomware attacks.
  • Update on the Desert Wells Family Medicine data incident.

T-Mobile agrees to consolidate data breach lawsuits.

T-Mobile’s recent massive data breach has led to a number of proposed class action lawsuits – twenty-nine, to be precise, have been filed in eight different federal district courts. Reuters reports that T-Mobile supports plaintiffs’ motion filed last month to centralize the lawsuits in a federal district court. However, while the plaintiff proposed the US District Court for the Western District of Washington (the headquarters of the cellular giant), T-Mobile is proposing a different court as the Western District Court is currently suffering from a shortage of judges. T-Mobile stated, “This is not a dispute that should be assigned to a court with such severe resource constraints.” With only two active judges and five vacancies, the court has the highest vacancy rate in the country.

Accidental violation of the Canadian school.

According to a recent investigative report released by the Office of the Saskatchewan Information and Privacy Commissioner (SIPC), the private information of nearly three thousand students in the Chinook School Division in Saskatchewan, Canada was inadvertently revealed. The Prairie Post reports that the breach occurred when a GitHub code repository was accidentally set to public instead of private for about thirty-six hours. While the district has taken new security measures, including revising its GitHub procedures, SIPC Commissioner Ron Kruzeniski believes the district needs to do more: “While these are good first steps, the school department should take further steps to address this risk to mitigate … The school department should thoroughly evaluate these applications before using them for their own business purposes. “

Georgia health system under attack for ransomware attack

The St. Joseph’s / Candler Health System (SJ / C) is facing a lawsuit filed by one of the patients affected by their most recent ransomware attack, reports GovInfoSecurity. The lawsuit alleges that the Georgia health center was “reckless” and “negligent” and failed to heed warnings from federal agencies such as the Department of Health and Human Services, the Cybersecurity and Infrastructure Security Agency, and the Federal Bureau of Investigation recently released a series of alerts about ransomware threats in the healthcare sector. “Despite repeated, explicit and detailed warnings about how hackers target IT systems in hospitals and how such attacks can be prevented, the defendant maintained an IT system that was susceptible to attacks by these cyber criminals,” says the complaint. It’s worth noting that although the attack was discovered in June, the intruder had access to SJ / C’s systems for about six months without detection. The plaintiff is demanding damages and five years of credit and identity monitoring, and calls on SJ / C to improve its security protocols.

Update on the attack on Desert Wells.

As we discovered earlier this week, Arizona-based healthcare provider Desert Wells Family Medicine announced that it experienced a ransomware attack in May that affected at least 35,000 patients. The newly released notice of a data loss incident states that outside forensic experts and law enforcement agencies are conducting investigations and have determined that the data concerned includes addresses, dates of birth, social security numbers, driver’s license numbers, and health insurance and treatment details, but investigators say there are no indications misuse of the data.

Nick Sanna, CEO of RiskLens, wrote the importance of understanding where a company’s resources should be used to improve cybersecurity: the financial impact of ransomware attacks on your business. Quantifying cyber risk in financial terms is the key to the right buy-in and level of protection. Technical arguments alone are not enough and are devalued too quickly. “


About Author

Leave A Reply