In May, the NYS Comptroller’s Office released an audit conducted to determine if the New York State Education Department (SED) consistently follows all laws and regulations regarding the safety and privacy of students’ data, and whether SED is properly monitoring school districts to ensure they are complying with the legislation and regulations that govern data…
Category: Commentaries and Analyses
MGM, Caesars casino hacks point to an alliance of teens and ransomware gangs
Joseph Menn reports on the group of hackers some have called “Scattered Spider:” … New research being presented Friday at the LABScon security conference outside Phoenix gives an origin story to the hackers, who the experts say call themselves Star Fraud. They say the group consists of a few dozen hackers who have connected online…
DHS Pushes for Common Cyber Incident Reporting Definitions
Jose Rascon reports: The Department of Homeland Security (DHS) has released a new report looking to wrangle the different avenues in which the Federal government and its agencies report cyber incidents in a more ‘reportable’ fashion. The report, titled “Harmonization of Cyber Incident Reporting to the Federal Government” and released on Sept. 19, comes as…
Covington Client Intervenes in SEC Battle, Objecting to Disclosure of Identity
Abigail Adcox reports: A Covington & Burling client whose information may have been exposed in a 2020 cyberattack is insisting that its identity should not be disclosed to the Securities and Exchange Commission, which had sought out client names in a subpoena to the law firm. The client, following a subpoena battle between Covington and SEC,…
Mount Desert Island Hospital updates its breach disclosure again but still doesn’t reveal what data were leaked
On July 1, DataBreaches reported that Mount Desert Island Hospital (MDIH) in Maine notified HHS on June 30 that 24,180 patients had been affected by a breach between April 28 and May 7. The types of protected health information involved included name, address, date of birth, driver’s license/state identification number, Social Security number, financial account…
Schools Are the Most Targeted Industry by Ransomware Gangs
Waqas reports that based on research by Sophos, the education sector is the most vulnerable and targeted by ransomware attacks. KEY FINDINGS 80% of lower education providers and 79% of higher education institutions reported ransomware attacks in the last year. Education is the most targeted industry by cybercriminals, primarily motivated by the high percentage of…