Two more school district audits were released before the holiday. Nanuet Union Free School District – Network User Accounts and Information Technology Contingency Plan (2022M-135). Issued Date: December 09, 2022. Background: The District serves the Town of Clarkstown in Rockland County. The District is governed by an elected seven-member Board of Education (Board) that is…
Category: Commentaries and Analyses
Ransomware Needs ‘Physical’ Damage For Insurance, Ohio Court Rules
Daphne Zhang reports: Owners Insurance Co. convinced the Ohio Supreme Court that it has no duty to cover a medical software company’s ransomware-related losses because the attack didn’t cause any property damage. EMOI Services LLC’s insurance policy “requires direct physical loss of or damage to media—Computer software cannot experience direct physical loss or physical damage, because…
“No need to hack when it’s leaking:” the “Here’s how you get a HIPAA complaint” edition
So… regular readers know that DataBreaches has occasionally reported on data security incidents in the healthcare sector that involved leaks due to misconfigurations of GitHub repositories, storage buckets, open directories, etc. Not all of this site’s attempts to disclose leaks responsibly have gone smoothly, as described in a collaborative paper written with Dutch researcher Jelle…
Ransomware attacks hit Iowa schools, including Davenport, although public often left in dark
Maggie Bashore has an article on ransomware attacks hitting Iowa school districts over the past three years that covers a lot of issues, including the costs of cyberinsurance over time and the difficulties smaller districts may have in meeting requirements to even get a policy. She reports, in part: Fringer advises 45 school districts in…
Cyber insurers “missing” key nuances in their underwriting strategies
Bethan Moorcraft reports: Cyber insurers are hyper-focused today on best-practice risk mitigation and cybersecurity protocols. Many carriers have introduced minimum security requirements – such as enabling multi-factor authentication (MFA) for email and remote access, and possibly even using end-point detection and response (EDR) technology – before they’ll even consider writing a policy. This type of…
Cyber attacks set to become ‘uninsurable’, says Zurich chief
Ian Smith reports: The chief executive of one of Europe’s biggest insurance companies has warned that cyber attacks, rather than natural catastrophes, will become “uninsurable” as the disruption from hacks continues to grow. Insurance executives have been increasingly vocal in recent years about systemic risks, such as pandemics and climate change, that test the sector’s…