ITSecurity.Org Ltd

Bill Spells Out New Factors to Weigh in Setting HIPAA Fines

Measure Passed by Congress Would Require Considering Use of ‘Recognized Security Practices’
Under legislation passed by Congress this weekend that awaits President Trump’s signature, HIPAA enforcers, when considering financial penalties for compliance violations, would need to determine whether an organization had implemented “recognized security practices,” such as the NIST Cybersecurity Framework.

DOJ Seizes Fake Domains Impersonating Moderna, Regeneron

Prosecutors: Websites Spoofed Pharmaceutical Firms for ID Theft
Federal investigators have seized two domains impersonating the pharmaceutical firms Moderna, which has begun shipping a COVID-19 vaccine, and Regeneron, which developed a treatment for COVID-19, according to the U.S. Justice Department. Fraudsters were using the websites for identity theft.

US Treasury Suffers ‘Significant’ SolarWinds Breach

‘Dozens of Email Accounts’ Compromised by Attackers, Says Senior Democratic Senator
An ongoing investigation at the U.S. Treasury Department has found that it suffered a “significant” breach as a result of the SolarWinds Orion supply chain attack, and that at least dozens of email accounts were accessed, reports a top Democrat on the Senate Finance Committee.

UK firm NOW: Pensions tells 1.7 million customers a ‘service partner’ leaked their data all over ‘public software forum’

Compromised info includes names, email addresses, DoBs, and National Insurance numbers

Workplace pension provider NOW: Pensions has emailed its near 1.7 million UK customers to warn about a data leakage caused by contractor error.