Remarks at a UN Security Council Briefing on Ransomware Attacks against Hospitals and Other Healthcare Facilities and Services

Anne Neuberger Deputy National Security Advisor of the United States New York, New York November 8, 2024 AS DELIVERED Thank you, Mr. President. Good morning. My name is Anne Neuberger and since 2021, I have had the privilege of coordinating the United … Continue reading Remarks at a UN Security Council Briefing on Ransomware Attacks against Hospitals and Other Healthcare Facilities and Services

Still in the dark: A “500 marker” is updated, but too many still aren’t. Is HHS doing anything about this??

In March 2024, LockBit3.0 added Redwood Coast Regional Center  (RCRC) to its leak site. On May 3, RCRC notified HHS of the March 6 incident, reporting that 500 patients had been affected. RCRC only recently updated that report to indicate that 24,937 p… Continue reading Still in the dark: A “500 marker” is updated, but too many still aren’t. Is HHS doing anything about this??

Professional Probation Services leak exposed almost half a million probationers’ personal info

If you say you always do right, then you should do right, right? Ouch. Over on infosec.exchange, @Jayeltee recently wrote: Professional Probation Services ( www.ppsfamily.com ) exposes almost 500,000 US probationers private data publicly, SSNs included… Continue reading Professional Probation Services leak exposed almost half a million probationers’ personal info

HHS Office for Civil Rights Settles HIPAA Ransomware Cybersecurity Investigation for $90,000

HHS OCR announced a second ransomware investigation settlement today. This one involved Bryan County Ambulance Authority (BCAA), a provider of emergency medical services in Oklahoma.  The Bryan County Ambulance Authority breach occurred in November 202… Continue reading HHS Office for Civil Rights Settles HIPAA Ransomware Cybersecurity Investigation for $90,000

How many similar breaches can one entity have in one year before regulators do something?

How many data breaches can an entity have before either some regulator steps in with a corrective action plan or something happens to reduce the likelihood of more breaches?  Consider the following: Breach # 1 On February 22, 2022, Minuteman Senior Ser… Continue reading How many similar breaches can one entity have in one year before regulators do something?

North Korean Group Collaborates with Play Ransomware in Significant Cyber Attack

Ravie Lakshmanan reports: Threat actors in North Korea have been implicated in a recent incident that deployed a known ransomware family called Play, underscoring their financial motivations. The activity, observed between May and September 2024, has b… Continue reading North Korean Group Collaborates with Play Ransomware in Significant Cyber Attack

Albany ENT & Allergy Services settles state charges stemming from two patient data breaches; agrees to spend $2.25M on security program

In April 2023, DataBreaches reported two ransomware groups had each listed Albany ENT & Allergy Services (AENT)  on their respective leak sites. But one month later, when AENT sent notifications to regulators and 224,486 affected employees and pati… Continue reading Albany ENT & Allergy Services settles state charges stemming from two patient data breaches; agrees to spend $2.25M on security program

School ransomware attacks are on the rise. What can districts do?

Kara Arundel reports: … Ransomware — where threat actors use malware to block access to network systems and then demand payment to unlock it — has been ballooning in the K-12 sector over the last seven years, according to the K12 Security Informa… Continue reading School ransomware attacks are on the rise. What can districts do?