Fred Hutch notifies more patients of November 2023 attack

In December 2023, UW’s Fred Hutchinson Cancer Center (“Fred Hutch”) reported a November cyberattack that involved the exfiltration of patient data and attempted extortion of patients. DataBreaches contacted Fred Hutch on December 8 t…

CISA’s KEV catalog making a positive difference to defenders

Jonathan Greig reports that a CISA resource is having a positive effect both at the federal level and for non-governmental organizations: The Cybersecurity and Infrastructure Security Agency (CISA) has run its Known Exploited Vulnerabilities (KEV)…

Former Cybersecurity Consultant Arrested For $1.5 Million Extortion Scheme Against IT Company

For those who would like a timely reminder about making sure you terminate access and take control of devices immediately when an employee or contractor terminates employment, consider this press release from the Southern District of New York on May 1…

Russian Hackers Target Industrial Systems in North America, Europe

Eduard Kovacs reports: Government agencies from the United States, Canada and the United Kingdom are providing recommendations to critical infrastructure organizations following a series of attacks launched by apparent pro-Russia hacktivists against in…

Change Healthcare hackers broke in using stolen credentials — and no MFA, says UHG CEO

Zack Whittaker reports: The ransomware gang that hacked into U.S. health tech giant Change Healthcare used a set of stolen credentials to remotely access the company’s systems that weren’t protected by multifactor authentication (MFA), according to the…

Zoom misrepresents its Global Select service, then won’t cancel and refund? An FTC complaint has now been filed.

Pop Quiz: A company misrepresents what its service can do. An innocent consumer, having relied on their claims, signs up for their service but soon discovers that it cannot do what Sales had assured them it would. Upon discovering the misrepresentation…

Two ransomware attacks in 2023 first disclosed in April — Kisco Senior Living, Blackstone Valley Community Health Care

Two more ransomware incidents that occurred in 2023 were disclosed this week. One was disclosed 10 months after the incident, and the other was disclosed 5 months after the incident. Kisco Senior Living: On or about June 15, 2023, BlackByte claimed resp…

NIS2 implementation enters the final stretch – six months to deadline

Mark Young, Paul Maynard, and Aleksander Aleksiev of Covington and Burling write: In six months’ time, on 17 October 2024, Member State laws that transpose the EU’s revised Network and Information Systems Directive (“NIS2”) will start to apply. As des…

Cybersecurity firm suspects Russia-linked hacking group behind cyberattack on Texas water facility

Tom Olson reports: A hacking group with ties to the Russian government is suspected of carrying out a cyberattack in January that caused a tank at a Texas water facility to overflow, experts from US cybersecurity firm Mandiant said Wednesday. The attac…