Commentaries and Analyses – Page 236

US Treasury said it tied $5.2 billion in BTC transactions to ransomware payments

Posted on October 16, 2021 by Dissent

Catalin Cimpanu reports: The financial crimes investigation unit of the US Treasury Department, also known as FinCEN, said today it identified approximately $5.2 billion in outgoing Bitcoin transactions potentially tied to ransomware payments. FinCEN officials said the figure was compiled by analyzing 2,184 Suspicious Activity Reports (SARs) filed by US financial institutions over the last…

Quebec’s Bill 64 Introduces Unique Cyber Incident Reporting Obligations

Posted on October 15, 2021 by Dissent

Charles S. Morgan, Ellen Yifan Chen, and Philippe April of McCarthy Tétrault LLP write: The Act to Modernize Legislative Provisions respecting the Protection of Personal Information (“Bill 64” or the “Bill”)[1] received royal assent on September 22, 2021, introducing new obligations for private sector businesses in Québec phased over the course of three years. […] it is important…

“Shoot the Messenger,” Friday edition: Homewood Health resorts to threats and a court order?

Posted on October 15, 2021 by Dissent

In July of this year, CTV News in Canada and DataBreaches.net reported on a breach involving Homewood Health in Canada. Both CTV and this site had become aware of the breach when data allegedly from Homewood showed up on a leak site called Marketo. Marketo claimed to have almost 300 GB of Homewood’s data for…

Missouri Teachers’ Social Security numbers at risk on state agency’s website; state’s response is to shoot the messenger?

Posted on October 14, 2021 by Dissent

Josh Renaud reports: The Social Security numbers of school teachers, administrators and counselors across Missouri were vulnerable to public exposure due to flaws on a website maintained by the state’s Department of Elementary and Secondary Education. The Post-Dispatch discovered the vulnerability in a web application that allowed the public to search teacher certifications and credentials…

Under the media radar…

Posted on October 12, 2021 by Dissent

Here are just a few more breach reports that reveal medical or health information. The following may not be HIPAA-covered entities or may not show up on HHS’s public breach tool even if they are covered (because of the number impacted): Lion Street Financial in Texas recently notified the New Hampshire Attorney General’s Office about…

Ransomware Group FIN12 Aggressively Going After Healthcare Targets

Posted on October 9, 2021 by Dissent

Ravie Lakshmanan reports: An “aggressive” financially motivated threat actor has been identified as linked to a string of RYUK ransomware attacks since October 2018, while maintaining close partnerships with TrickBot-affiliated threat actors and using a publicly available arsenal of tools such as Cobalt Strike Beacon payloads to interact with victim networks. Cybersecurity firm Mandiant attributed…