January 5, 2024 NEW YORK – New York Attorney General Letitia James today announced an agreement with a Hudson Valley-area health care provider, Refuah Health Center, Inc. (Refuah), for failing to safeguard the personal and private health information of its patients. The Office of the Attorney General (OAG) found that Refuah failed to maintain appropriate controls to protect and limit access to sensitive data, including by failing to encrypt patient information and using multi-factor authentication. As…
Major Us Museums Suffer Cyberattack Fallout
ArtForum reports: Several US arts institutions were rendered unable to display their collections online after a cyberattack struck a tech service provider used by the museums, the New York Times reports. Among those affected by the breach targeting Gallery Systems, which aids cultural institutions in managing internal documents and displaying works digitally, were the Museum of Fine…
Medical Device Cybersecurity: Agencies Need to Update Agreement to Ensure Effective Coordination — GAO
GAO-24-106683 Published: Dec 21, 2023. Publicly Released: Dec 21, 2023. Highlights: What GAO Found According to the Department of Health and Human Services (HHS), available data on cybersecurity incidents in hospitals do not show that medical device vulnerabilities have been common exploits. Nevertheless, HHS maintains that such devices are a source of cybersecurity concern warranting…
“Pompompurin” taken into custody after violating conditions of pre-sentencing release on bond (1)
In what will likely come as no surprise to those who know Conor Brian Fitzpatrick aka “Pompompurin,” he allegedly violated the conditions of his pre-sentencing release on bond by using a VPN on the internet and without the necessary monitoring required by his release conditions. He was arrested on January 3 and detained until a…
19 Individuals Worldwide Charged In Transnational Cybercrime Investigation Of The xDedic Marketplace
January 4 – Tampa, Florida – United States Attorney Roger B. Handberg announces the culmination of a transnational cybercrime investigation involving the xDedic Marketplace. According to court documents, the xDedic Marketplace was a website on the dark web that illegally sold login credentials (usernames and passwords) to servers located across the world and personally identifiable information—dates…
Zeppelin ransomware source code sold for $500 on hacking forum
Bill Toulas reports: A threat actor announced on a cybercrime forum that they sold the source code and a cracked version of the Zeppelin ransomware builder for just $500. The post was spotted by threat intelligence company KELA and while the legitimacy of the offer has not been validated, the screenshots from the seller indicate that the package…