Bill Toulas reports: A regional U.S. government agency compromised with LockBit ransomware had the threat actor in its network for at least five months before the payload was deployed, security researchers found. Logs retrieved from the compromised machines showed that two threat groups had compromised them and were engaged in reconnaissance and remote access operations….
Category: Commentaries and Analyses
At small and rural hospitals, ransomware attacks are causing unprecedented crises
Marion Renault reports: At 12:08 p.m. on a Monday, a Sky Lakes Medical Center employee tapped an email link. Within minutes, that click cracked open the Oregon hospital’s digital infrastructure for cybercriminals to infiltrate. By the time IT staff started looking into it, “everything was being encrypted,” said John Gaede, director of information services. On…
NYS Comptroller releases more school district IT Audits
Readers may want to read the full LaFargeville report, linked below, because it provides information to school districts about best practices and recommendations for how to accomplish certain security goals. LaFargeville Central School District – Information Technology (Jefferson County) Key Findings District officials did not establish adequate IT controls over physical IT assets and non-student user…
War stirs up cybercrime
(Machine translation of German-language article at zdf.de). Peter Wering reports: ….. Russian groups are currently making little ransom from ransomware attacks…. That is why Russian IT criminals have partially relocated their activities to Ukraine. There they are attacking Ukrainian IT infrastructure on behalf of the Kremlin. But they also use the Internet connections there to…
Greencore case highlights risk of employee data breach claims
The following was reported on March 17 by Claudia Glover: A data breach at UK food manufacturer Greencore could end up proving costly for the company, with a group of current and former employees seeking legal advice on whether to sue the business if their personal information was compromised. Employee data breach claims are becoming…
HHS OCR Issues Annual HIPAA Reports to Congress
Chris Bennington of Epstein Becker Green writes, in part: The HITECH Act requires OCR to issue annual reports to Congress of HIPAA breaches and complaints received by OCR during the calendar year. For 2020, OCR reported that it received 656 notifications of breaches affecting 500 or more individuals, 66,509 notifications of breaches affecting fewer than…