Chambersburg Area School District answers some questions about ransomware attack, won’t say if they paid hackers

A statement and FAQ by the Chambersburg Area School District, as shared by TriState Alert, appear below. The district offers its reasons (translation: excuses) for not answering the questions parents and the public really want to know: did the distric…

Disclose data breaches to us proactively, and we’ll lower any fines — ICO

Emma Woollacott reports: British businesses could face lower fines if they proactively report data breaches, thanks to an agreement between the UK’s data protection regulator and cybersecurity agency. The Information Commissioner’s Office (ICO) and Nat…

Conti member indicted for role in 2021 Scripps Health ransomware attack

On September 7, the U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC), in coordination with the United Kingdom, sanctioned 11 individuals who are alleged to be part of the Russia-based Trickbot cybercrime group. At the same time…

Facebook Messenger phishing wave targets 100K business accounts per week

Bill Toulas reports: Hackers use a massive network of fake and compromised Facebook accounts to send out millions of Messenger phishing messages to target Facebook business accounts with password-stealing malware. The attackers trick the targets into d…

Hospital Sisters Health System’s CFO exits as it continues to handle ‘cybersecurity incident’

On August 29, DataBreaches reported that Hospital Sisters Health System (HSHS) and Prevea Health appeared to have been the victims of a ransomware attack. As of today, the notice on Prevea Health states, “HSHS and Prevea are experiencing a system…

HHS Office for Civil Rights Settles with L.A. Care Health Plan Over Potential HIPAA Security Rule Violations

LA Care, the largest publicly operated health plan in the country, paid $1,300,000 to settle

Today, the U.S. Department of Health and Human Services’ Office for Civil Rights (OCR) announced a settlement of potential violations of the Health Insurance Po…

An inexcusable gap from breach to notification, or an excusable one?

Some state and federal laws provide specific timeframes by which breached entities must provide notice to regulators and to those affected by a data breach. Unfortunately, loopholes abound, as we have seen in statutory language such as Minnesota’s bre…

Schneck Medical Center settles Indiana Attorney General’s lawsuit over 2021 data breach

Jackson County Schneck Memorial Hospital (Schneck Medical Center) was a victim of a cyberattack in 2021. Its 2021 and 2022 disclosures about the breach and its lack of timely breach notification resulted in a potential class action lawsuit filed in 202…