Connor Jones reports: Emotional intelligence was at the heart of the British Library’s widely hailed response to its October ransomware attack, according to CEO Roly Keating. The British Library’s (BL) ransomware attack last year was one of the most damaging in recent memory, at least in the UK. The transparency of the organization’s response over…
Utah Updates to Breach Notification Requirements Take Effect
Dorothy Parson McDermott of JacksonLewis writes: On May 1, 2024, amendments to Utah’s cybersecurity and data breach notification law took effect. The state’s cybersecurity and data breach notification law requires an organization that conducts business in the State of Utah to prevent the unlawful use or disclosure of personal information collected by the organization. Under…
Microsoft to start enforcing Azure multi-factor authentication in July
Sergiu Gatlan reports: Starting in July, Microsoft will begin gradually enforcing multi-factor authentication (MFA) for all users signing into Azure to administer resources. After first completing the rollout for the Azure portal, the MFA enforcement will see a similar rollout for CLI, PowerShell, and Terraform. Redmond says customers will also receive additional information via email…
Cyberattack fallout: Ascension and DocGo troubles ricochet
Andrea Fox reports: DocGo, an ambulatory and remote patient monitoring provider in the U.S. and U.K. filed a notice on May 7 with the U.S. Securities and Exchange Commission over U.S. patient data breached in a recent cyberattack. “As part of its investigation, the company has determined that the threat actor accessed and acquired data,…
SEC amends Reg S-P to require data breach notification within 30 days
Aaron Nicodemus reports: The Securities and Exchange Commission (SEC) will require broker-dealers and registered investment advisers to adopt written policies and procedures for handling data breaches of customer data and notify affected customers within 30 days. On Thursday, the SEC approved amendments to Regulation S-P, known as the safeguards rule. The rule requires covered entities to…
WebTPA Employer Services notifies 2.4 million of April 2023 hack.
WebTPA is a medical claims administrator for health insurance and benefits plans. On December 28, 2023, the Texas firm discovered that they had experienced a data security incident involving certain systems on their network. Subsequent investigation concluded that an unauthorized actor may have exfiltrated personal information between April 18 and April 23, 2023. WebTPA’s clients…