Aaron Nicodemus reports: The Securities and Exchange Commission (SEC) will require broker-dealers and registered investment advisers to adopt written policies and procedures for handling data breaches of customer data and notify affected customers within 30 days. On Thursday, the SEC approved amendments to Regulation S-P, known as the safeguards rule. The rule requires covered entities to…
Category: Of Note
Guthrie Lourdes Hospital still struggling with effects of Ascension cyberattack
Phoebe Taylor-Vuolo, Report for America corps member, reports: Guthrie Lourdes Hospital in Binghamton continues to feel the impact of a recent cyberattack on Ascension, its former parent organization. Ascension said it was hit with a ransomware attack on May 8. Lourdes was officially acquired by the Guthrie health system in February, but officials say that transition is…
BreachForums seized by FBI and law enforcement partners; administrator arrested (3)
It probably will not surprise anyone who has checked BreachForums recently, but there is now a seizure notice on the forum. The notice claims that BreachForums is under the control of the FBI and has been taken down by the FBI and DOJ with assistance from international partners. The forum’s owner, ShinyHunters, or whoever is…
‘Got that boomer!’: How cybercriminals steal one-time passcodes for SIM swap attacks and raiding bank accounts
Here’s your “definitely want to read this one today” piece. Zack Whittaker reports: The incoming phone call flashes on a victim’s phone. It may only last a few seconds, but can end with the victim handing over codes that give cybercriminals the ability to hijack their online accounts or drain their crypto and digital wallets….
CISA Advisory: #StopRansomware: Black Basta
The Cybersecurity and Infrastructure Security Agency (CISA) issued an alert on Black Basta this week. The alert was likely released this week because the attack on Ascension that is disrupting that health system has been attributed to Black Basta. The Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA), Department of Health and…
Fred Hutch notifies more patients of November 2023 attack (1)
In December 2023, UW’s Fred Hutchinson Cancer Center (“Fred Hutch”) reported a November cyberattack that involved the exfiltration of patient data and attempted extortion of patients. DataBreaches contacted Fred Hutch on December 8 to ask whether the attackers had encrypted their files and whether they had negotiated with the threat actors. They did not reply….