Tim Tobin, Harriet Pearson, Paul Otto, and Jonathan Hirsch of Hogan Lovells write: On February 4, the New York Department of Financial Services (NYDFS) released Insurance Circular Letter No. 2 (2021), a Cyber Insurance Risk Framework (Framework) for insurers that write cyber insurance. The Framework identifies best practices that property/casualty insurers “should employ” to manage…
Category: Commentaries and Analyses
SG: Undertaking by StarMed Specialist Centre Pte Ltd
The Personal Data Protection Commission of Singapore announced a new undertaking this week. The incident that led to the investigation was a ransomware attack on a medical entity, and findings included that the entity had left RDP open and had weak login credentials, among other concerns. The undertaking was to get them to harden their…
Patient data at risk as doctors communicate with Facebook, WhatsApp
Domanii Cameron reports: Doctors at public and private hospitals are having to consult about their patients via Facebook and messaging apps, prompting calls for a real-time messaging platform. Rural Doctors Association of Australia president John Hall told The Sunday-Mail he had witnessed the issue first-hand while claiming it was widespread practice. Read more on Herald Sun (AU.
Alleged Hydra Market Operators Identified
GeminiAdvisory analysts write: Gemini analysts have found a post by an anonymous author on the hydra[.]expert domain claiming to have uncovered the true identities of the individuals running Hydra, one of the largest Russian-language dark web marketplaces for drugs. While formerly part of Hydra’s infrastructure, hydra[.]expert now appears to be solely dedicated to identifying Hydra’s…
CIS launches no-cost ransomware service for U.S. hospitals
Kat Jerich reports: The nonprofit Center for Internet Security announced this week that it had launched a no-cost ransomware protection service for private hospitals in the United States. The Malicious Domain Blocking and Reporting service, which is already available for public hospitals, health departments and healthcare organizations, uses Enterprise Threat Protector software from the cybersecurity…
Dutch Police post “say no to cybercrime” warnings on hacker forums
Lawrence Abrams reports: The Dutch Police have begun posting warnings on Russian and English-speaking hacker forums not to commit cybercrime as law enforcement is watching their activity. Since the conclusion of Operation LadyBird, law enforcement’s disruption of the Emotet botnet, the Dutch Police state that they are creating forum accounts on hacker forums to warn hackers…