US says cyberattacks against water supplies are rising, and utilities need to do more to stop them

Michael Phillis and Matthew Daly report: Cyberattacks against water utilities across the country are becoming more frequent and more severe, the Environmental Protection Agency warned Monday as it issued an enforcement alert urging water systems to tak…

UK NCSC and Insurance Associations Publish Guidance on the Approach to Ransom Payments

Financial and insurance organizations have been under increasing attack by Scattered Spider. Now there is more guidance for entities. Hunton Andrews Kurth notes: On May 14, 2024, the UK National Cyber Security Centre (“NCSC”) and three major UK insuran…

British Library’s candid ransomware comms driven by ‘emotional intelligence’

Connor Jones reports: Emotional intelligence was at the heart of the British Library’s widely hailed response to its October ransomware attack, according to CEO Roly Keating. The British Library’s (BL) ransomware attack last year was one of…

Telemarketing: the Privacy Guarantor sanctions Enel Energia. The company had not protected its databases from access by abusive brokers

Seen at GPDP: Telemarketing: the Privacy Guarantor sanctions Enel Energia. The company had not protected its databases from access by abusive touts. The Privacy Guarantor has imposed a fine of over 79 million euros on Enel Energia for serious shortcoming…

‘Got that boomer!’: How cybercriminals steal one-time passcodes for SIM swap attacks and raiding bank accounts

Here’s your “definitely want to read this one today” piece. Zack Whittaker reports: The incoming phone call flashes on a victim’s phone. It may only last a few seconds, but can end with the victim handing over codes that give cybercri…

Guardant notifies patients of unintended information exposure going back to October 2020

A notification by Guardant Health, Inc. in California (“Guardant”) caught DataBreaches’ eye yesterday. Guardant is a laboratory that performs cancer screening tests on samples received from its physician and hospital partners. Patient information…

Fred Hutch notifies more patients of November 2023 attack

In December 2023, UW’s Fred Hutchinson Cancer Center (“Fred Hutch”) reported a November cyberattack that involved the exfiltration of patient data and attempted extortion of patients. DataBreaches contacted Fred Hutch on December 8 t…