Collaborate Disseminate
UPDATE: Sometime earlier today, after my communication with RansomHub, they removed the April 15 update described in the post from their listing. It has now been replaced with a note: Change HealthCare – OPTUM Group – United HealthCare Gro… Continue reading Data allegedly from Change Healthcare ransomware attack raises more questions than answers (1)
Christopher Snowbeck reports on how the Change Healthcare attack has affected one clinic in Minnesota. His report provides a good illustration of the issues raised by a recent AMA survey of some physicians, reported here previously. From his reporting:… Continue reading Minneapolis therapy clinic sues over cyberattack at UnitedHealth subsidiary
A recent listing on LockBit’s leak site about Crinetics Pharmaceuticals seemed unusual. It included a disclaimer: “Those responsible for the exfiltration of data belonging to this victim have no association, indirect or direct, with the Loc… Continue reading Threat actors walked away from a $1.8 million offer because the victim talked to the media?!
CSRB’s Third Review Focuses on Actions Microsoft, Other Cloud Providers, and the U.S. Government Should Take to Protect Cloud Customers WASHINGTON – Today, the U.S. Department of Homeland Security (DHS) released the Cyber Safety Review Board’s (CSRB) f… Continue reading Cyber Safety Review Board Releases Report on Microsoft Online Exchange Incident from Summer 2023
Some more analysis of 2023 breaches. Sophos reports that for more than 150 incident response (IR) cases it handled in 2023, cybercriminals abused remote desktop protocol (RDP) in 90% of attacks. This was the highest incidence of RDP abuse since Sophos … Continue reading Cybercriminals Abused Remote Desktop Protocol (RDP) in 90% of Attacks Handled by Sophos Incident Response in 2023
AJ Taylor reports: Sens. Chuck Grassley (R-Iowa) and Ron Wyden (D-Ore.) are holding the United Network for Organ Sharing (UNOS) accountable after a data breach allowed UNOS system users unauthorized access to over a million sensitive patient records. T… Continue reading Grassley, Wyden Probe Data Breach that Exposed 1.5 Million Organ Transplant Patients’ Sensitive Data
There is an update to a data leak incident discovered and reported by independent researcher Jelle Ursem and DataBreaches.net in April 2021. Top Class Actions reports that Med-Data, a business associate that handles health insurance claims data, has a… Continue reading Med-Data data leak $7M class action settlement
Hunton Andrews Kurth writes that on March 13, 2024, the Federal Communications Commission’s updates to the FCC data breach notification rules (the “Rules”) went into effect despite legal challenges. The rules were adopted in December 2023 pursuant to a… Continue reading FCC Updated Data Breach Notification Rules Go into Effect Despite Challenges
Mathew J. Schwartz reports: How might banning ransomware victims from paying a ransom to their attacker work in practice? As ransomware groups are causing massive damage and disruption and showing no signs of stopping, Ciaran Martin, the former head of… Continue reading Banning Ransom Payments: Calls Grow to ‘Figure Out’ Approach
March 5. The U.S. Department of Health and Human Services (HHS) is aware that Change Healthcare – a unit of UnitedHealth Group (UHG) – was impacted by a cybersecurity incident in late February. HHS recognizes the impact this attack has had on health ca… Continue reading HHS Statement Regarding the Cyberattack on Change Healthcare