Financial and insurance organizations have been under increasing attack by Scattered Spider. Now there is more guidance for entities. Hunton Andrews Kurth notes: On May 14, 2024, the UK National Cyber Security Centre (“NCSC”) and three major UK insurance associations (Association of British Insurers (“ABI”), British Insurance Brokers’ Association (“BIBA”) and International Underwriting Association (“IUA”)),…
British Library’s candid ransomware comms driven by ’emotional intelligence’
Connor Jones reports: Emotional intelligence was at the heart of the British Library’s widely hailed response to its October ransomware attack, according to CEO Roly Keating. The British Library’s (BL) ransomware attack last year was one of the most damaging in recent memory, at least in the UK. The transparency of the organization’s response over…
Utah Updates to Breach Notification Requirements Take Effect
Dorothy Parson McDermott of JacksonLewis writes: On May 1, 2024, amendments to Utah’s cybersecurity and data breach notification law took effect. The state’s cybersecurity and data breach notification law requires an organization that conducts business in the State of Utah to prevent the unlawful use or disclosure of personal information collected by the organization. Under…
Microsoft to start enforcing Azure multi-factor authentication in July
Sergiu Gatlan reports: Starting in July, Microsoft will begin gradually enforcing multi-factor authentication (MFA) for all users signing into Azure to administer resources. After first completing the rollout for the Azure portal, the MFA enforcement will see a similar rollout for CLI, PowerShell, and Terraform. Redmond says customers will also receive additional information via email…
Cyberattack fallout: Ascension and DocGo troubles ricochet
Andrea Fox reports: DocGo, an ambulatory and remote patient monitoring provider in the U.S. and U.K. filed a notice on May 7 with the U.S. Securities and Exchange Commission over U.S. patient data breached in a recent cyberattack. “As part of its investigation, the company has determined that the threat actor accessed and acquired data,…
SEC amends Reg S-P to require data breach notification within 30 days
Aaron Nicodemus reports: The Securities and Exchange Commission (SEC) will require broker-dealers and registered investment advisers to adopt written policies and procedures for handling data breaches of customer data and notify affected customers within 30 days. On Thursday, the SEC approved amendments to Regulation S-P, known as the safeguards rule. The rule requires covered entities to…