Privacy Briefs: August 2022

◆ The Department of Justice (DOJ) seized around $500,000 in Bitcoin ransom paid by two health care organizations in Kansas and Colorado to North Korean ransomware actors and their conspirators.[1] The seizure of the two ransoms resulted from “rapid reporting and cooperation from a victim” and disrupted activities of a North Korean state-sponsored group known as “Maui,” Deputy Attorney General Lisa Monaco told attendees July 19 at the International Conference on Cyber Security. The reporting also allowed investigators to identify a previously unknown strain of ransomware, Monaco said. According to court documents, hackers used Maui in May 2021 to encrypt the files and servers of a Kansas medical center. After more than a week of being unable to access encrypted servers, the Kansas hospital paid approximately $100,000 in Bitcoin to regain the use of their computers and equipment. Because the medical center notified the FBI and cooperated with law enforcement, the FBI was able to identify the ransomware and trace the cryptocurrency to China-based money launderers, the DOJ said. Then, in April 2022, the FBI observed an approximately $120,000 Bitcoin payment move into one of the identified cryptocurrency accounts. The investigation confirmed that a medical provider in Colorado had just paid a ransom after being hacked by actors using the same Maui ransomware strain. In May, the FBI seized the contents of two cryptocurrency accounts that had received funds from the Kansas and Colorado health care providers and began proceedings to return the funds to the victims.

◆ A sweeping bipartisan federal privacy bill that already has been approved by a key House subcommittee is facing headwinds in the form of massive corporate lobbying aimed at derailing it.[2] The American Data Privacy and Protection Act, which would restrict the types of data companies can collect from online users and how they can use that data, is the result of years of negotiations between Democratic and Republican lawmakers. Its provisions would impact companies in every consumer-centric industry that compiles massive amounts of user data and relies on targeted ads to attract customers. It would tremendously impact entities that currently collect, process and transmit health information but are not subject to HIPAA. The proposed legislation would override most state privacy laws, as Republicans have sought, in exchange for granting consumers a right to bring lawsuits against violators, which Democrats have called for.[3] However, several key senators have expressed concerns about the legislation’s provisions. Some California-based representatives have said they will not support the bill if it overrides California’s extensive privacy protections. In addition, the proposal has become one of the most lobbied bills in Congress, drawing attention from more than 180 corporate clients, including Amazon, the Walt Disney Corporation and Target, according to data from research group OpenSecrets.
