Commentaries and Analyses – Page 272

NY: “Grief” claims to have breached Rehabilitation Support Services

Posted on July 5, 2021 by chum1ng0

A rehabilitation and support services agency that provides services to more than 3,000 individuals with psychiatric and substance abuse disorders each year has been the victim of a cyberattack by threat actors call themselves “Grief.” Rehabilitation Support Services, Inc. (RSS) operates in 13 upstate New York counties through 5 service divisions. According to their web…

Hackety hack hack…

Posted on July 4, 2021 by Dissent

There are so many breach reports that it’s hard to even find all the notices and reports about them these days. These days, there are many breaches that I log in worksheets I compile for Protenus’s Breach Barometer annual report but never even post on this blog. Just today, for example, I found: a notice…

NYDFS Issues Guidance on Cybersecurity Controls to Combat Ransomware and Clarifies Reporting Obligations

Posted on July 4, 2021 by Dissent

Lance Taubin, Kate Hanniford, and Kimberly Peretti of Alston & Bird write: The New York Department of Financial Services (NYDFS) issued new guidance this week intended to assist organizations in thwarting ransomware attacks. The guidance clarifies the NYDFS’ expectation that NYDFS-regulated companies should “implement these controls whenever possible” and report any successful deployment of ransomware…

Cyber reinsurance rates rocket at July renewals

Posted on July 4, 2021 by Dissent

Carolyn Cohn reports: Global cyber reinsurance rates have soared by up to 40% in the July renewal season, reinsurance broker Willis Re said on Thursday, as ransomware attacks increase in number and severity. The average ransom payment made by a business to restore data after a cyber attack was $220,000 in the first quarter, up…

Babuk Ransomware, if you Hit and Run do not leave a trace (updated)

Posted on July 2, 2021 by Dissent

Updated: On January 5, DataBreaches.net was hit with a DDoS attack, which was pretty rude considering I was still on my first cup of coffee. It turns out that someone identifying themself as @dyadka0220 was upset that this site had linked to DarkFeed’s post. Whether they are the same @dyadka0220 as seen elsewhere is unknown…

Norwegian DPA: Oslo University Hospital ordered to amend agreements

Posted on July 2, 2021 by Dissent

The Norwegian Data Protection Authority’s inspection of Oslo University Hospital (OUH) reveals that the hospital cannot document satisfactory control of patient data when the hospital needs laboratory services from other countries. The Data Protection Authority understands that it is important to be able to use laboratories in other countries when the hospital or other Norwegian laboratories do…