Brandon Vigliaro reports: The fallout from an eight-month-old cyber attack on a county in Long Island, New York has devolved into mud-slinging as leaders try to figure out just what is going on. Suffolk County was hit with a ransomware attack in early September 2022, which led county executive Steve Bellone to issue nine separate emergency…
Category: Of Note
NYSDFS Fines Lender and Mortgage Servicer $4.25M for Cybersecurity Failures Including Vendor Management
Joseph Lazzarotti of JacksonLewis writes: Yesterday, New York’s Department of Financial Services (“DFS”) announced another enforcement action under the state’s Cybersecurity Requirements for Financial Services Companies, 23 N.Y.C.R.R. Part 500 (“Reg 500”). According to the press release, OneMain Financial Group LLC (“OneMain”) will pay a $4.25 million penalty to New York State for alleged violations of Reg 500. In…
Chinese hackers spying on US critical infrastructure, Western intelligence says
Zeba Siddiqui and Christopher Bing report: A state-sponsored Chinese hacking group has been spying on a wide range of U.S. critical infrastructure organizations, from telecommunications to transportation hubs, Western intelligence agencies and Microsoft (MSFT.O) said on Wednesday. The espionage has also targeted the U.S. island territory of Guam, home to strategically important American military bases, Microsoft…
NYS settles charges against PracticeFirst stemming from 2020 ransomware incident
In July 2021, Professional Business Systems, Inc. d/b/a Practicefirst Medical Management Solutions and PBS Medcode Corp., a medical management company that processes data for health care providers, issued a press release about a hacking incident that occurred in December 2020. As DataBreaches noted at the time, it appeared that they likely paid ransom because one line in their statement…
The Underground History of Russia’s Most Ingenious Hacker Group
Andy Greenberg writes: Ask western cybersecurity intelligence analysts who their “favorite” group of foreign state-sponsored hackers is—the adversary they can’t help but grudgingly admire and obsessively study—and most won’t name any of the multitudes of hacking groups working on behalf of China or North Korea. Not China’s APT41, with its brazen sprees of supply chain attacks, nor…
Health Breach Notification Rule: FTC wants your insights into proposed changes
From the FTC: The Health Breach Notification Rule has been in place since 2009. Given the pace of innovation, that seems like a century in tech years. Since then, we’ve seen an explosion in the popularity of health apps, fitness trackers, and other health-related monitors. To keep up with technological developments and evolving business practices, the…