Daniel Payne, Ben Leonard, and Chelsea Cirruzzo report: THE LIABILITY QUESTION — State lawmakers, concerned by what they consider to be overreaching class-action lawsuits against health care organizations over data breaches, are moving to curb liability for them, Ben reports. Tennessee is the latest in a string of states to move to reduce liability for organizations that adopt…
Category: Commentaries and Analyses
Northeast Rehabilitation Hospital Network’s “incident” was a ransomware attack with data leaked, but they haven’t said that.
Northeast Rehabilitation Hospital Network (“NRHN”) is a comprehensive network of physical rehabilitation services that includes four inpatient hospitals and 25+ outpatient rehabilitation clinics. It also provides pain management and specialized pediatric outpatient rehabilitation. On July 19, NRHN notified the U.S. Department of Health & Human Services (HHS) of a “hacking/IT incident” that affected 501 patients. The “501” is…
North Korean Hackers Targeted Cybersecurity Firm KnowBe4 with Fake IT Worker
James Coker reports: Cybersecurity awareness training company KnowBe4 has revealed it was duped into hiring a fake IT worker from North Korea, resulting in attempted insider threat activity. The malicious activity was identified and prevented before any illegal access was gained or any data was compromised on KnowBe4 systems. In a blog published on July 23,…
Ransomware ecosystem fragmenting, but not necessarily great news
Alexander Martin reports: Veteran cybercriminals involved in ransomware attacks are increasingly shying away from large ransomware-as-a-service (RaaS) platforms following a spate of law enforcement disruption operations, as well as the AlphV/BlackCat gang’s high-profile exit scam, according to officials and industry experts. Organized online crime groups are attempting to reduce their dependence on RaaS services by developing…
Suffolk County cyberattack recovery costs hit $25M; final tab still being tallied
Remember how Suffolk County in New York had decided cyberinsurance was too expensive and how they got hit with a ransomware attack by AlphV in 2022. The county not only had no insurance, but it had no cyberattack recovery plan. Mark Harrington reports another update on that incident: Suffolk County approved more than $25…
Hacked in 2022, Dell & Dean law firm first notifying affected clients now
From DataBreaches’ “Now what does THIS mean?” file, a notification letter from Dell & Dean PLLC, a law firm in New York. On July 17, Dell & Dean’s external counsel notified the Maine Attorney General’s Office about a breach in September 2022 that affected 6,803 people. A copy of the firm’s notification letter was appended…