Roman Meitav reports: A serious security breach in the Shas Party’s computerized election management system has left it vulnerable to easy exploitation, even by those with only basic knowledge of cybersecurity, according to tech experts. The breach in the system, which contains not just the data of Shas supporters and activists but rather the information of all Israeli…
Category: Commentaries and Analyses
After CommonSpirit ransomware attack: Why healthcare M&A is a ‘huge’ cybersecurity risk
Samantha Liss reports: As CommonSpirit Health, formed by the merger of Dignity Health and Catholic Health Initiatives in 2019, continues to deal with the fallout from a ransomware attack three weeks ago, security experts say such tie-ups and acquistions make healthcare systems more vulnerable to security breaches. M&A in healthcare “creates a huge risk” and a…
Microsoft links Raspberry Robin worm to Clop ransomware attacks
Sergiu Gatlan reports: Microsoft says a threat group tracked as DEV-0950 used Clop ransomware to encrypt the network of a victim previously infected with the Raspberry Robin worm. DEV-0950 malicious activity overlaps with financially motivated cybercrime groups tracked as FIN11 and TA505, known for deploying Clop payloads ransomware on targets’ systems. Read more at BleepingComputer
As Cybersecurity Awareness Month draws to a close, phishing incidents still pose a challenge
Despite attempts to educate employees and consumers how not to fall for phishing attacks, they continue to pose a significant risk to businesses and individuals. Here are just three current news items from different sectors that all show the impact of phishing. Kristen Jordan Shamus reports: The personal information of about 33,850 Michigan Medicine patients…
California Appellate Court In Ruling of First Impression Affirms Denial of Class Certification in Data Breach Involving Confidential Medical Information
Kristin L. Bryan of Squire Patton Boggs writes about a lawsuit stemming from an insider wrongdoing situation first reported in 2018: Last month a California appellate court affirmed (for the first time among any state appellate courts to consider the issue) the lower court’s denial of class certification for claims brought under the Confidentiality of…
HIPAA Security Rule Security Incident Procedures
HHS OCR’s October newsletter begins: Every October, in recognition of National Cybersecurity Awareness Month, the federal government and its partners work to educate stakeholders on cybersecurity awareness and how best to protect the privacy and security of confidential data. Within the health care industry, the HIPAA Security Rule1 applies to covered entities2 and their business associates3 (“regulated entities”)…