Lorenzo Franceschi-Bicchierai reports: The feds warned that “a group of malicious cyber actors,” whom security experts believe to be the government-sponsored hacking group known as APT6, “have compromised and stolen sensitive information from various government and commercial networks” since at least 2011, according to an FBI alert obtained by Motherboard. The alert, which is also available…
Category: Commentaries and Analyses
FBI: we don’t advise entities to pay ransom demands
While I was at the recent PHI Protection Network conference, I had an opportunity to speak with Ben Stone, Supervisory Special Agent in the FBI’s Pennsylvania Cyber Squad. One of the questions I put to him was why the FBI had been advising companies to pay ransomware demands. Special Agent Stone told me that that wasn’t…
UK cops tell suspect to hand over crypto keys in US hacking case
J. M. Porup reports: At a court hearing earlier this month, the UK’s National Crime Authority (NCA) demanded that Lauri Love, a British computer scientist who allegedly broke into US government networks and caused “millions of dollars in damage,” decrypt his laptop and other devices impounded by the NCA in 2013, leading some experts to warn that a…
BakerHostetler Data Security Incident Response Report
BakerHostetler has released its second annual data security incident response report, which is based on 300 cases they advised on last year. The report provides some statistics on causes of incidents, which industries were most affected, and what happens after a security incident is detected – from containment, to notification, to regulatory investigations and even lawsuits. A…
IRS Needs to Further Improve Controls over Financial and Taxpayer Data: GAO
The highlights of a new GAO report on the IRS: The Internal Revenue Service (IRS) made progress in implementing information security controls; however, weaknesses in the controls limited their effectiveness in protecting the confidentiality, integrity, and availability of financial and sensitive taxpayer data. During fiscal year 2015, IRS continued to devote attention to securing its…
Breach or Ransomware Attack? Can’t Sue Under HIPAA, but Maybe Under CFAA
Lucy Li of Fox Rothschild writes: HIPAA itself does not provide a private right of action. So when a hacker or rogue employee impermissibly accesses or interferes with electronic data or data systems containing protected health information, an employer subject to HIPAA cannot sue the perpetrator under HIPAA. Similarly, when a ransomware attack blocks access…