Author: Bob Covello

July AT&T announced (in a financial filing) the discovery of a data breach dating back to 2023 that affects almost every AT&T customer. “The stolen data also includes call records of customers with phone service from other cell carriers that rely on AT&T’s network, the company said.” It should be noted that the delayed reporting of the incident was at the behest of law enforcement, citing national security concerns. Techcrunch reported that the data breach is related to similar criminal activity that targeted the Snowflake cloud service provider. This was also the second breach this year for AT&T customers. It…

As 2023 came to a close, it was easy to predict that breaches would continue to dominate the cybersecurity news. However, the scale of the events, specifically the Change Healthcare breach eclipsed all others for the year. The other event that shook not only the entire technology community, but also the world, was the Crowdstrike update debacle (which no one could ever predict.) January As January began, we learned that December 2023 ended with a report that Google settled its $5 Billion “incognito mode” class action lawsuit. “The class action filed in 2020 alleges “at least” $5 billion in damages…

In June, the HIPAA Journal reported a story that seems to be the trifecta of insider threat, third party risk, and medical technology risk. A terminated subcontractor employee of a medical transcription service stole at least one million patient records. The authorities arrested the individual, but it is unclear if any of the records were sold to malicious data brokers. At least one victim has filed a class action lawsuit against the parent company and the subcontractor. This class action lawsuit makes it evident that it is time to add civil litigation to the list of possible consequences as a…