In late January, Lurie Children’s Hospital took its phones, email, electronic health records system, and patient portal offline to deal with a ransomware attack. As a result, some patient care was disrupted or delayed. The hospital would not meet the threat actor’s demands for more than $3 million, and it wasn’t until a month later […]
Researchers at Sentinel Labs and Recorded Future report that Chinese-linked cyberespionage campaigns are increasingly deploying ransomware. CyberScoop reports that their research suggests that ransomware is reportedly used in the final stage of cyberespionage operations to either make money, distract adversaries, or make it more difficult to attribute their work: The report that Chinese hackers are […]
Data Breach Review – What is It, Who Does It, and What to Watch Out For As noted in the Overview of this series, if an investigation into a breach indicates that personally identifiable information (PII) or protected health information (PHI) was involved, a data breach review is required. The Data Breach Times turned to […]
A series of articles on the processes involved in responding to a data breach. Overview By now, most business owners know that it is not a question of whether, but rather, when, your business will suffer a data breach. Depending on what laws apply to your business, you may only have a matter of days […]
The following announcement was issued by the Office of the Privacy Commissioner of Canada on June 10. The Data Breach Times has previously reported on the 23andMe data breach.
When a rural hospital suffers a cyberattack that may knock it offline or encrypt all of its systems and patient records, the human cost can be enormous. Sadly, it is not unusual for criminal groups to attack hospitals, believing that they will have no choice but to pay extortion demands. In a statement issued Monday […]
In a week when some big data breaches, like Ticketmaster and Santander, have already been disclosed and confirmed, yet another big breach is now being claimed. An individual calling themself “Sp1d3r” claims to have acquired data on 190 million people who contacted QuoteWizard to get quotes on insurance. The threat actor claims the data includes: […]
Snowflake has issued a statement disputing claims made by some threat actors that were published by a security vendor. The vendor, in response to a legal threat from Snowflake, subsequently deleted their article. The Hacker News reports: Cloud computing and analytics company Snowflake said a “limited number” of its customers have been singled out as […]
In February, Cencora (formerly known as AmerisourceBergen/Lash Group) filed notice of a cybersecurity incident with the Securities and Exchange Commission: On February 21, 2024, Cencora, Inc. (the “Company”), learned that data from its information systems had been exfiltrated, some of which may contain personal information. Upon initial detection of the unauthorized activity, the Company immediately took containment […]
Supreme Court Restricts Ability of Federal Agencies To Issue Fines
The Supreme Court issued a decision today that could limit federal agencies attempting to impose fines for data security violations or breaches. Although the decision in Securities and Exchange Commission v. Jarkesy did not involve data security or a data breach, the issue before the court involved the agency’s authority to charge someone with a violation […]