It’s not unusual for ransomware groups to comment on a victim’s incident response in a negative way. Nor is it unusual for these groups to carefully monitor media coverage. It is somewhat unusual, though, for a major group to get so angry at researchers or news outlets that they actually call them all out by […]
BianLian, previously known as a ransomware gang but more recently known for not bothering with encryption but just hacking and exfiltrating data, has reportedly attacked Save the Children, a well-known non-profit. While BianLian did not name the charity (they obfuscate their victims’ names while they are still hoping to get paid), their description of the […]
Hotel and casino operator MGM Resorts is dealing with a cyberattack that has somewhat sent it back into the digital dark ages at multiple properties and locations. On September 11, MGM Resorts posted a statement on its Twitter account confirming that it was dealing with what it described as a cybersecurity incident. They did not […]
Today, the U.S. Department of Health and Human Services’ Office for Civil Rights (OCR) announced a settlement of potential violations of the Health Insurance Portability and Accountability Act (HIPAA) Rules with LA Care, the nation’s largest publicly operated health plan that provides health care benefits and coverage through state, federal, and commercial programs. OCR enforces the HIPAA […]
The MOVEit data breach, discussed in an earlier post, continues to make headlines. As SDX reports: Orchestrated by ransomware gang CL0P exploiting a zero-day vulnerability, it is now considered one of the largest hacks of 2023 — and potentially in recent history. To date, it is known to have impacted more than 1,150 organizations and nearly 56 million individuals, […]
In September 2021, Jackson County Schneck Memorial Hospital (Schneck Medical Center) in Indiana disclosed that they had been a victim of a cyberattack. Their first statement is no longer available on their website but was archived by a news site. That statement did not disclose that personal and protected health information had been accessed and […]
One, in the absence of any specific law or regulation the person who was hacked is not required to notify anyone, including the people whose information was accessed, that their information was compromised. That is why access to the below specific notification requirements is critically important. Two, if there is a requirement to notify people […]
After it has been determined that a breach has taken place, there are various tasks that need to be done that are usually not in the sweet spot of the person that has been breached. Several vendors pretend they have a vertically integrated, one stop shop, solution. They don’t. They use third-party vendors who hide […]
Most data breaches involve some level of victim human error, which theoretically employee training can address. Human error can take the form of clicking on a link, where the email address of the sender is unknown to the person clicking on the link. Malware then enters the scene. Another common human error scenario involves phishing […]
