Jonathan Greig reports on some of the significant findings in IBM’s new survey on the cost of a breach: Businesses that fall victim to a data breach can expect a financial hit of nearly $5 million on average — a 10% increase compared to last year — according to IBM’s annual report on cybersecurity incidents….
Category: Commentaries and Analyses
RADAR and DISPOSSESSOR shift to R-a-a-S model
In April, Jim Walter of SentinelOne wrote an article about how some ransomware affiliates were teaming up with others to get paid if they had been cheated by previous partners. Perhaps the best-known recent example of this occurred after ALPHV allegedly secured a $22 million ransoms from Change Healthcare and then absconded with the money…
Turning the tables: two gangs’ opsec fails exposed data; good guys deleted it
Yesterday’s Risky Biz News reported that threat intel firm DarkAtlas says it gained access to one of the Rclone data exfil servers used by the Medusa ransomware group. How many times have researchers uncovered exposed data and warned that threat actors might be able to acquire, manipulate, or delete data? In today’s post, we read…
ICO reprimands the Electoral Commission after cyber attack compromises servers
The U.K.’s Information Commissioner’s Office issued the following statement today: We have issued a reprimand to the Electoral Commission after hackers gained access to servers that contained the personal information of approximately 40 million people. In August 2021, hackers successfully accessed the Electoral Commission’s Microsoft Exchange Server by impersonating a user account and exploiting known…
Curbing liabilities for hacked health systems
Daniel Payne, Ben Leonard, and Chelsea Cirruzzo report: THE LIABILITY QUESTION — State lawmakers, concerned by what they consider to be overreaching class-action lawsuits against health care organizations over data breaches, are moving to curb liability for them, Ben reports. Tennessee is the latest in a string of states to move to reduce liability for organizations that adopt…
Northeast Rehabilitation Hospital Network’s “incident” was a ransomware attack with data leaked, but they haven’t said that.
Northeast Rehabilitation Hospital Network (“NRHN”) is a comprehensive network of physical rehabilitation services that includes four inpatient hospitals and 25+ outpatient rehabilitation clinics. It also provides pain management and specialized pediatric outpatient rehabilitation. On July 19, NRHN notified the U.S. Department of Health & Human Services (HHS) of a “hacking/IT incident” that affected 501 patients. The “501” is…