Energy, financial services, food and agriculture, healthcare, information technology, defense industrial base, and other critical infrastructure entities in the United States will face new cyber incident reporting requirements as a result of the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (the Act), enacted by the U.S. Congress on March 10, 2022.
Category: Commentaries and Analyses
Protenus releases the 2022 Breach Barometer report on health data breaches: More than 50 million affected
Protenus, a healthcare compliance analytics company, has released its annual Breach Barometer report. Protenus has been making its annual report on health data incidents freely available since 2016 as the result of an ongoing collaboration between the firm and DataBreaches.net. DataBreaches.net compiles incidents and provides some of their statistical analyses and is compensated for its…
UK’s ICO hits criminal defense firm Tuckers Solicitors with monetary penalty after ransomware attack
There’s an interesting monetary penalty notice involving a UK law firm stemming from a ransomware attack in 2020 and the ICO’s investigation of their data protection and security. The Information Commissioner announced today that it has issued Tuckers Solicitors a monetary penalty under section 155 of the Data Protection Act 2018 (“the DPA”). The penalty…
Yet more data from the Sea Mar Community Health Center data breach appears on the internet
If Herman’s Hermits sang about the latest development in the Sea Mar Community Health Center data breach, they’d probably sing: “Third verse, same as the first / A little bit louder and a whole lot worse.” Last month, DataBreaches.net reported that Sea Mar Community Health Center in Washington state had been sued in November, weeks after…
China state-backed hackers compromised networks of at least 6 U.S. state governments, research finds
Arjun Kharpal reports: A Chinese state-sponsored hacking group successfully compromised the computer networks of at least six U.S. state governments between May 2021 and February this year, according to research published by cybersecurity firm Mandiant on Tuesday. The group, known as APT41, allegedly exploited vulnerabilities in web applications to get their initial foothold into state government networks, Mandiant said….
“Alexa, hack yourself” – researchers describe new exploit that turns smart speakers against themselves
Graham Cluley reports: Researchers have discovered a novel way of exploiting Amazon Echo smart speakers to perform commands. They get the Amazon Echo speaker to say the commands to itself. In a technical paper, researchers from London’s Royal Holloway University in London and the University of Catania in Italy describe their findings, which exploits how an…