Kevin Beaumont writes: Yesterday, Microsoft CEO Satya Nadella sat down with the media to introduce a new feature called Recall, as part of their Copilot+ PCs. It takes screenshots of what you’re doing constantly, by design. Previously, Kevin wrote: For those who aren’t aware, Microsoft have decided to bake essentially an infostealer into base…
Category: Commentaries and Analyses
100 Groups Urge Feds to Put UHG on Hook for Breach Notices
Marianne Kolbasuk McGee reports: More than 100 medical associations and industry groups representing tens of thousands of U.S. doctors and healthcare professionals have banded together to urge federal regulators to hold Change Healthcare responsible for breach notifications related to a massive February ransomware attack. The groups in a letter Monday asked the U.S. Department of Health and…
US says cyberattacks against water supplies are rising, and utilities need to do more to stop them
Michael Phillis and Matthew Daly report: Cyberattacks against water utilities across the country are becoming more frequent and more severe, the Environmental Protection Agency warned Monday as it issued an enforcement alert urging water systems to take immediate actions to protect the nation’s drinking water. About 70% of utilities inspected by federal officials over the…
FTC Finalizes Order with Blackbaud Related to Allegations the Firm’s Security Failures Led to Data Breach
The Federal Trade Commission has finalized an order against Blackbaud Inc. settling allegations that its lax security practices allowed a hacker to breach the company’s network and access the personal data of millions of consumers including Social Security and bank account numbers. In a complaint first announced in February 2024, the FTC charged that the South Carolina firm,…
Mosaic Mental Health notifies patients of breach
On September 25, 2023, Riverdale Mental Health d/b/a Mosaic Mental Health (“MOSAIC”) notified HHS of an incident that affected 7,281 patients. The incident was coded as a “hacking/IT incident” involving their network, but no further details were available at the time. On April 3, more than six months later, they sent out notification letters. Massachusetts…
UK NCSC and Insurance Associations Publish Guidance on the Approach to Ransom Payments
Financial and insurance organizations have been under increasing attack by Scattered Spider. Now there is more guidance for entities. Hunton Andrews Kurth notes: On May 14, 2024, the UK National Cyber Security Centre (“NCSC”) and three major UK insurance associations (Association of British Insurers (“ABI”), British Insurance Brokers’ Association (“BIBA”) and International Underwriting Association (“IUA”)),…