Release Date: March 02, 2023 Alert Code: AA23-061A SUMMARY Note: This joint Cybersecurity Advisory (CSA) is part of an ongoing #StopRansomware effort to publish advisories for network defenders that detail various ransomware variants and ransomware threat actors. These #StopRansomware advisories include recently and historically observed tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) to help organizations…
Category: Commentaries and Analyses
Minneapolis Public Schools systems restored, no ransom paid
Jeremiah Jacobsen has an update to the “encryption event” previously disclosed by Minneapolis Public Schools (MPS). [Note: MPS’s phrase “encryption event” appeared to be a ridiculous — and dare we say, sleazy– attempt not to call it a “ransomware attack.” The district still has not described it as ransomware attack.] Minneapolis Public Schools released a…
HHS OCR creates new HIPAA enforcement arm and enhances focus on cybersecurity and privacy oversight
Marcy Wilder, Scott Loughlin, Melissa Bianchi, Paul Otto, and Alyssa Golay of Hogan Lovells write: This week the U.S. Department of Health and Human Services, the agency responsible for HIPAA enforcement, announced the formation of three new divisions within the Office for Civil Rights (“OCR”). The new divisions – Enforcement, Policy, and Strategic Planning –…
Lubbock Heart and Surgical Hospital sued for breach where no one knows for sure whether data was accessed or acquired
If the victim of a cyberattack cannot determine whether data was accessed or acquired, should that increase the damages sought by plaintiffs in a class action suit? Or should it get the suit tossed out because the plaintiffs can’t prove any theft of their data? Kelly Mehorter reports about a class action lawsuit filed against…
Little Rock school district seeks cyberattack disclosure guidance
Arkansas Online reports: The Little Rock School District is continuing to seek an attorney general’s opinion on the legality of holding private school board meetings when reacting to a cyber- or ransomware attack on a district’s electronic information systems. Little Rock Superintendent Jermall Wright sent a lengthy letter in January to the attorney general’s office…
Hong Kong: Data Security Measures Guidance published by the PCPD
Anna Gamvros (HK) and Edward Yau (HK) of Norton Rose Fulbright write: As data breaches and cyber attacks continue to surge and attackers become more sophisticated, organisations are well aware that the need for robust data security measures is becoming increasingly important. In Hong Kong, the Office of the Privacy Commissioner for Personal Data (the PCPD)…