Tim Tobin, Harriet Pearson, Paul Otto, and Jonathan Hirsch of Hogan Lovells write: On February 4, the New York Department of Financial Services (NYDFS) released Insurance Circular Letter No. 2 (2021), a Cyber Insurance Risk Framework (Framework) for insurers that write cyber insurance. The Framework identifies best practices that property/casualty insurers “should employ” to manage…
Month: February 2021
SG: Undertaking by StarMed Specialist Centre Pte Ltd
The Personal Data Protection Commission of Singapore announced a new undertaking this week. The incident that led to the investigation was a ransomware attack on a medical entity, and findings included that the entity had left RDP open and had weak login credentials, among other concerns. The undertaking was to get them to harden their…
PH: Cashalo hit with data breach, but says accounts not compromised
Xave Gregorio reports: Fintech platform Cashalo reported Saturday it has been hit by a data breach, but assured that accounts and passwords of their users have not been compromised as these have been encrypted. Cashalo said it discovered two days ago that there was “unauthorized access” to a database archive containing some personal data of…
Patient data at risk as doctors communicate with Facebook, WhatsApp
Domanii Cameron reports: Doctors at public and private hospitals are having to consult about their patients via Facebook and messaging apps, prompting calls for a real-time messaging platform. Rural Doctors Association of Australia president John Hall told The Sunday-Mail he had witnessed the issue first-hand while claiming it was widespread practice. Read more on Herald Sun (AU.
Update to Chatham County ransomware attack
There’s an update to a previously reported ransomware attack by DoppelPaymer threat actors on Chatham County, North Carolina. Read the update in Courier-Tribune. They report that the ransomware entered the county network through a phishing email with a malicious attachment. In related news, the News & Observer reports that the ransom demand had been worth…
Underwriters Laboratories (UL) certification giant hit by ransomware
Lawrence Abrams reports: UL LLC, better known as Underwriters Laboratories, has suffered a ransomware attack that encrypted its servers and caused them to shut down systems while they recover. […] BleepingComputer has learned that UL suffered a ransomware attack last weekend that encrypted devices in their data center. Read more on BleepingComputer.