Mathew J. Schwartz reports: How might banning ransomware victims from paying a ransom to their attacker work in practice? As ransomware groups are causing massive damage and disruption and showing no signs of stopping, Ciaran Martin, the former head of Britain’s National Cyber Security Center, said “it’s time to figure out how to make a ransomware payments…
Category: Commentaries and Analyses
HHS Statement Regarding the Cyberattack on Change Healthcare
March 5. The U.S. Department of Health and Human Services (HHS) is aware that Change Healthcare – a unit of UnitedHealth Group (UHG) – was impacted by a cybersecurity incident in late February. HHS recognizes the impact this attack has had on health care operations across the country. HHS’ first priority is to help coordinate…
Three recent breach disclosures remind us how seldom timely breach notification is enforced under HITECH
Three recent data breach disclosures involving patient data all exceeded HIPAA’s 60-day deadline to notify HHS and individuals. Yakima Valley Radiology A breach involving the Washington state radiology service was added to Karakurt’s leak site in November 2023 with a listing claiming — without proof — that they had acquired 9.31 GB of files with financial…
EPIC Emphasizes That FCC Pilot Program Protect Student Privacy, Not Just School Cybersecurity
From the good folks at EPIC.org: On February 27, EPIC filed reply comments with the Federal Communications Commission supporting the FCC’s proposal to use funds from its E-Rate program to support strengthening cybersecurity at schools and libraries, as these are increasingly attractive targets to hackers. The E-Rate program uses discounted pricing to facilitate schools and libraries providing…
These Video Doorbells Have Terrible Security. Amazon Sells Them Anyway.
Stacey Higginbotham and Daniel Wroclawski report: On a recent Thursday afternoon, a Consumer Reports journalist received an email containing a grainy image of herself waving at a doorbell camera she’d set up at her back door. If the message came from a complete stranger, it would have been alarming. Instead, it was sent by Steve…
CISA Alert CodeAA23-353A: ALPHV BlackCat
February 27, 2024: SUMMARY Note: This joint Cybersecurity Advisory (CSA) is part of an ongoing #StopRansomware effort to publish advisories for network defenders that detail various ransomware variants and ransomware threat actors. These #StopRansomware advisories include recently and historically observed tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) to help organizations protect against ransomware….