Joint Cybersecurity Advisory Product ID: AA22-335A December 1, 2022 TLP:CLEAR The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) are releasing this joint CSA to disseminate known Cuba ransomware IOCs and TTPs associated with Cuba ransomware actors identified through FBI investigations, third-party reporting, and open-source reporting. This advisory updates the…
Category: Commentaries and Analyses
Vanuatu officials turn to phone books and typewriters, one month after cyber attack
At the end of October, the tiny South Pacific archipelago of Vanuatu was hit by a cyberattack with devastating consequences. They officially acknowledged the incident as an attack on November 5. Now, almost a month later, they are still struggling to recover. Christopher Cottrell reports: One month after a cyber-attack brought down government servers and…
De: Klinikum Lippe hospital decrypts data after “intensive negotiations” with ransomware attackers
The Klinikum Lippe describes itself as one of the largest municipal hospitals in Germany and part of the University Hospital OWL of the University of Bielefeld. On November 17, they detected a significant cyberattack that impacted all three of their locations: Detmold, Lemgo, and Bad Salzuflen. From its own statements, it appeared that the hospital…
Connexin Software notifies parents of 2.2 million pediatric patients of hack
Connexin Software, a business associate to numerous pediatric practices, recently notified HHS that it experienced a breach that affected 2,216,365 patients. One thing DataBreaches noted with interest in their substitute notice below is their statement that an unauthorized individual was able to access an offline set of patient data used for data conversion and troubleshooting. …
One Brooklyn Health System offline for more than one week — has it been hit with ransomware?
If it sounds like a ransomware attack and they won’t tell you what’s going on for more than one week, I think ransomware sounds like a reasonable guess, and DataBreaches understands why some people are suggesting that. On November 25, The City reported: The computer network system at a major Brooklyn hospital network has been…
Liability for cyber attacks clarified by Ontario Court of Appeal
Molly Reynolds, Nic Wall, and Shalom Cumbo-Steinmetz of Torys LLP write: The Ontario Court of Appeal released a trilogy of decisions on November 25 on the availability of the “intrusion upon seclusion” tort in data breach class actions. At issue was whether the tort can be used against corporate defendants that had been hacked by…