LATEST POST
How Merck upped its cybersecurity strategy since the NotPetya cyberattack that led to a $1.4 billion dispute
A costly lesson to learn, but it sounds like Merck learned it. Fortune reports: Cybersecurity has always been a priority, but got even more attention inside Merck after the company was stung by the NotPetya cyberattack in 2017, which reportedly damaged more than 30,000 of the company’s computers. It led to $1.4 billion in claims […]
Four cyber companies fined for SolarWinds disclosure failures
The Record reports that the Securities and Exchange Commission has charged four cybersecurity firms for their disclosures stemming from the SolarWinds incident in 2020: The Securities and Exchange Commission (SEC) charged four companies —- Check Point, Avaya, Unisys and Mimecast — for making “materially misleading” disclosures related to cybersecurity risks and intrusions. Tuesday’s announcement is the result […]
Virginia prosecutor sues alma mater Georgetown over data breach
There are so many data breaches and data leaks every day that potential class action lawsuits or announcements of law firm investigations of breaches seems somewhat de rigueur by now. But not all lawsuits stem from huge breaches. Here’s one that stems from a mistaken configuration that exposed student information for 24 hours. Reuters reports: […]
Change Healthcare Ransomware Attack Cost to Rise to $2.87bn in 2024
The Change Healthcare ransomware attack that was first disclosed in February 2024 continues to cause problems and make headlines. HIPAA Journal reports on the financial impact: The cost of the Change Healthcare ransomware attack has risen to $2.457 billion, according to UnitedHealth Group’s Q3, 2024 earnings report. Revenues in the third quarter increased by 9% year-over-year […]
Two Sudanese nationals indicted for operating the Anonymous Sudan group; DDoSers alleged to attempt to injure or kill
While entities should be concerned about the risk of hacks or attempts to exfiltrate or encrypt data, the risk of a DDoS attack should not be ignored. Distributed Denial of Service (DDoS) attacks can totally disrupt an entity’s website or ability to function. Huge botnets enable serious power slamming websites and preventing them from functioning. […]
Insurance giant Globe Life facing extortion attempts after data theft from subsidiary
The Record reports: Insurance firm Globe Life is being extorted by hackers after data on more than 5,000 people was stolen from a subsidiary. The company told regulators at the U.S. Securities and Exchange Commission (SEC) that it reported the incident to federal law enforcement. “Based on the Company’s investigation to date, which remains ongoing, the Company […]
Can cyberinsurers or reinsurers justifiably refuse to reimburse victims for ransom payments to those on the U.S. sanctioned list?
If your company is the victim of a ransomware attack and you decide you have no choice but to pay the threat actors, can your cyberinsurer or cyberinsurance reinsurer decline to reimburse you if the threat actors you paid are on Treasury’s sanctioned list? Would reimbursing them expose the cyberinsurer or reinsurer to problems with […]