Joe Uchill reports: It’s taking longer to negotiate ransomware demands. That is a good thing. Law firm BakerHostetler, which handles more than 1,250 cyber-related incidents a year, said in its annual Data Security and Incident Response report that the typical ransomware negotiation for its clients in 2021 lasted eight days. That is roughly twice as long as…
Category: Commentaries and Analyses
The Original APT: Advanced Persistent Teenagers
Brian Krebs reports: Many organizations are already struggling to combat cybersecurity threats from ransomware purveyors and state-sponsored hacking groups, both of which tend to take days or weeks to pivot from an opportunistic malware infection to a full blown data breach. But few organizations have a playbook for responding to the kinds of virtual “smash…
ANNOUNCE: HHS’ Office for Civil Rights Seeks Public Comment on Recognized Security Practices and Sharing Civil Money Penalties and Monetary Settlements Under the HITECH Act
The U.S. Department of Health and Human Services’ (HHS) Office for Civil Rights (OCR) today released a Request for Information (RFI) seeking input from the public on two requirements of the Health Information Technology for Economic and Clinical Health Act of 2009 (HITECH Act), as amended in 2021. The growing number of cybersecurity threats are…
Cyberwar: Are attacks by Russian hackers still covered by cyber insurance? Germany’s perspective (for now)
Google translation: In the wake of Russia’s attack on Ukraine, there are fears that Russia will launch a broad-based cyber war. Western countries could also become the focus of Russian cyber attacks. In this context, it can be expected that cyber insurers will invoke the so-called war exclusion and refuse to pay benefits. However, the considerations made by…
Would Sea Mar Community Health even know about large patient data dumps if not for DataBreaches.net?
The chronology of Sea Mar Community Health Center’s responses to a massive data breach suggests that they may be first learning of data dumps because of notifications by DataBreaches.net or this site’s reporting of our discoveries. If true, what does that say about their security and incident response? A DataBreaches.net commentary. Since 2021, DataBreaches.net has…
APT10: These sneaky hackers hid inside their victims’ networks for nine months
Danny Palmer reports: A hacking and cyber espionage operation is going after victims around the world in a widespread campaign designed to snoop on targets and steal information. Identified victims of the cyber attacks include organisations in government, law, religious groups, non-governmental organisations (NGOs), the pharmaceutical sector and telecommunications. Multiple countries have been targeted, including…