The MOVEit data breach, discussed in an earlier post, continues to make headlines. As SDX reports: Orchestrated by ransomware gang CL0P exploiting a zero-day vulnerability, it is now considered one of the largest hacks of 2023 — and potentially in recent history. To date, it is known to have impacted more than 1,150 organizations and nearly 56 million individuals, […]
In September 2021, Jackson County Schneck Memorial Hospital (Schneck Medical Center) in Indiana disclosed that they had been a victim of a cyberattack. Their first statement is no longer available on their website but was archived by a news site. That statement did not disclose that personal and protected health information had been accessed and […]
One, in the absence of any specific law or regulation the person who was hacked is not required to notify anyone, including the people whose information was accessed, that their information was compromised. That is why access to the below specific notification requirements is critically important. Two, if there is a requirement to notify people […]
After it has been determined that a breach has taken place, there are various tasks that need to be done that are usually not in the sweet spot of the person that has been breached. Several vendors pretend they have a vertically integrated, one stop shop, solution. They don’t. They use third-party vendors who hide […]
Most data breaches involve some level of victim human error, which theoretically employee training can address. Human error can take the form of clicking on a link, where the email address of the sender is unknown to the person clicking on the link. Malware then enters the scene. Another common human error scenario involves phishing […]
