Update: I just caught up with Lawrence Abram’s excellent reporting on this topic. Abrams’ report gives a somewhat different impression than Forbes’ headline and report. Abrams reports that Netwalker ransomware is using COVID-19 in phishing emails that install the Netwalker ransomware, but from his reporting, it does not appear that Netwalker is specifically targeting the…
University of Utah Health notifies patients of phishing attacks that began in January
The University of Utah Health is notifying patients whose protected health information was in some employees’ email accounts after they fell for a phishing attack. The following is a notice posted on their website March 20th: We are committed to protecting the confidentiality of our patients’ information. Regrettably, this notice is regarding an incident involving…
TQL faces lawsuit over data breach
Clarissa Hawes reports an update to a previously reported breach: A trucking company has filed a lawsuit against Total Quality Logistics (TQL) over its recent data breach, alleging the company was negligent after hackers attacked its computer systems in February. Owner Charles Newman, whose trucking company is not named in the filing, claims TQL, headquartered…
New York SHIELD Act’s Reasonable Safeguard Requirements Became Effective on March 21st —Is Your Company Ready?
Despite the pandemic, life — and most laws — go on. Micaela McMurrough, Caleb Skeath and Micha Nandaraj Gallo of Covington and Burling posted a reminder yesterday: On March 21, 2020, the data security requirements of the New York SHIELD Act became effective. The Act, which amends New York’s General Business Law, represents an expansion of New…
Liar, Liar, Pants on Fire? Did Maze Team go back on its word to leave medically related facilities alone?
We also stop all activity versus all kinds of medical organizations until the stabilization of the situation with virus. — Maze Team, March 18, 2020. Three days after issuing a press release claiming that they would stop all activity against all kinds of medical organizations, Maze Team appears to have gone back on its word….
NIST asks for public comments on new cybersecurity risk management document
Andrew Eversden reports: The National Institute of Standards and Technology is asking for public comments on a new report that provides insight into how organizations can integrate cybersecurity into enterprise risk management. The document, titled “NIST-Interagency Report 8286 Integrating Cybersecurity and Enterprise Risk Management,” advises organizations on how to improve the cybersecurity risk information they…