The Office of Inadequate Security
A report by Evan Schuman about recent Marriott settlements with the FTC and state attorneys general suggests that the settlements leave much to be desired. Both settlements have cybersecurity requirements, and the state settlement has a monetary component, but neither is strong enough as far as some experts are concerned. Here’s a snippet or two…
Frank O’Laughlin reports: An investigation is underway after a payroll-related cyberattack led to “unauthorized access” to online payroll accounts and direct deposit information of some state workers, Massachusetts Comptroller William McNamara announced Wednesday night. The Commonwealth is investigating the breach as an apparent “credential harvesting campaign” involving the state’s HR/CMS Employee Self-Service Time and Attendance…
Ryan Marshall reports: A Mount Airy medical office is assuring patients that no data was compromised in a ransomware attack on the office’s computer system discovered last year, part of what federal officials say is a dramatic increase in such incidents in recent years. […] Family Medical Center in Mount Airy reported that it learned…
This is big. From the Council of the EU: The Council adopted today a new law on cybersecurity requirements for products with digital elements with a view to ensuring that products, such as connected home cameras, fridges, TVs, and toys, are safe before they are placed on the market (cyber resilience act). The new regulation…
Dave Muoio reports: Reports of recent cyberattacks and disruptions in patient care have ticked up among healthcare organizations since 2023, with the average attack bringing just under $1.5 million in operational disruptions, according to a new survey analysis. Among 648 IT and security practitioners polled this spring, 92% said their organization had faced at least…
Jonathan Greig reports: One of the top cybersecurity officials in the U.S. said Wednesday that he was especially concerned with Chinese infiltration of the country’s critical infrastructure, as well as software supply chain risks and the continued expansion of ransomware. Although there have been several recent disclosures about Beijing-linked hacking campaigns, National Cyber Director Harry…