A phishing campaign targeting a company that administers student health plans demonstrates the regulatory issues that arise when the personal information of students is compromised. That's because it's unclear whether HIPAA or the Family Educational Rights and Privacy Act may apply.
Another lawsuit seeking class action status was filed last week against San Antonio-based NEC Networks - which does business as CaptureRx - in the aftermath of a hacking incident that now appears to have affected several dozen of the vendor's healthcare clients and at least 2.4 million individuals.
This edition of the ISMG Security Report features an analysis of ongoing investigations into the use of NSO Group's Pegasus spyware to spy on dissidents, journalists, political rivals, business leaders and even heads of state - and discussion of whether the commercial spyware business model should be banned.
A bipartisan group of senators introduced a federal breach notification bill Wednesday that would require federal agencies, federal contractors and organizations that are considered critical to U.S. national security to report security incidents to CISA within 24 hours of discovery.
The number of U.S. healthcare entities affected by a recent cyber incident targeting a Sweden-based provider of oncology radiation systems and related services is growing. Some security experts say this points to the additional risks offshore business associates can pose to their clients.
Forefront Dermatology S.C., a Wisconsin-based dermatology practice with affiliated offices in 21 states plus Washington, D.C., is notifying 2.4 million patients, employees and clinicians of a recent hacking incident. The attack apparently involved a ransomware strain known as "Cuba."
Clothing retailer Guess suffered a ransomware attack and data breach earlier this year that exposed personal information - including Social Security numbers, driver's license and passport numbers, and financial details - for an unspecified number of individuals.
The insurance company CNA Financial Corp. has acknowledged that the cyber incident the company sustained in March was a ransomware attack and that it has notified 75,000 individuals that their data may have been compromised.
Investment banking giant Morgan Stanley is the latest company to report a data breach tied to zero-day attacks on Accellion's legacy File Transfer Appliance - yet another indicator of the sustained impact of supply chain attacks.
This edition of the ISMG Security Report features three segments on battling ransomware. It includes insights on the Biden administration's efforts to curtail ransomware attacks, comments on risk mitigation from the acting director of CISA, plus suggestions for disrupting the ransomware business model.
The Biden administration has a message for Russia: Rein in the criminal hackers operating from inside your borders who hit Western targets, or we'll do it for you. But experts say disrupting ransomware will take more than diplomacy or even using offensive cyber operations to target criminal infrastructure.