Commentaries and Analyses – Page 216

Exotic Lily is a business-like access broker for ransomware gangs

Posted on March 19, 2022 by Dissent

Jeff Burt reports: A group with links to high-profile ransomware crews Conti and Diavol is working as an internet access broker (IAB) for a Russia-linked cybercriminal gang, according to Google’s Threat Analysis Group (TAG). Exotic Lily gains access to vulnerable corporate networks then sells that access to the highest bidder among threat groups, which then…

Shooting the Whistleblower? Defamation Suit Claims Nuance Communications Gave False Info to FBI, SEC, Retaliated Against Whistleblower

Posted on March 18, 2022 by Dissent

There is an interesting lawsuit stemming from an incident that had previously been claimed to be a rogue insider’s doing. Now Marc Stolowitz, the former employee, is suing the firm, Nuance Communications, claiming that the firm falsely accused him of hacking them to cover up the fact that he was in the process of blowing…

And as the work week draws to a close… (updated)

Posted on March 18, 2022 by Dissent

And as this work week drew to a close, we also learned about these breaches involving patient data that were reported to HHS earlier this month: Dialyze Direct, LLC in New Jersey notified HHS that 14,203 patients were impacted by an incident they coded as a hacking/IT incident involving email. There is no statement on…

HIPAA’s Role in Setting Good Security

Posted on March 18, 2022 by Dissent

Matt Fisher writes: The Office for Civil Rights is promoting HIPAA as being able to prevent or substantially mitigate the impacts of a cyber attack. It is a bold statement from OCR and one that bears unpacking. Why is OCR asserting that HIPAA can prevent or substantially mitigate a cyber attack? The primary answer is…

While questions about RaidForums remain unanswered, BreachForums opens

Posted on March 18, 2022 by Dissent

On February 25, popular hacking-related forum RaidForums.com (RF) appeared to have been seized. It was not the first time it had appeared to have problems, but in the past, the owner, “Omnipotent” had reappeared briefly to restore the site somewhat. Now it did not appear to be working at all and had been replaced by…

OCR Cybersecurity Newsletter: Defending Against Common Cyber-Attacks

Posted on March 17, 2022 by Dissent

From OCR’s newsletter today: Throughout 2020 and 2021, hackers have targeted the health care industry seeking unauthorized access to valuable electronic protected health information (ePHI). The number of breaches of unsecured ePHI reported to the U.S Department of Health and Human Service’s Office for Civil Rights (OCR) affecting 500 or more individuals due to hacking…