Daniel Kapellmann Zafra, Keith Lunden, Nathan Brubaker, and Jeremy Kennelly of FireEye write: Since at least 2017, there has been a significant increase in public disclosures of ransomware incidents impacting industrial production and critical infrastructure organizations. Well-known ransomware families like WannaCry, LockerGoga, MegaCortex, Ryuk, Maze, and now SNAKEHOSE (a.k.a. Snake / Ekans), have cost victims…
New York State Expected to Increase Enforcement of Cybersecurity Practices
Peter Marta, Jasmeet Ahuja, and Asmaa Awad-Farid of Hogan Lovells write: Companies should take note of two imminent developments in New York in the area of cybersecurity regulation: enforcement of the New York Department of Financial Services (NYDFS) Cybersecurity Regulation (Regulation) and the effective date of the Stop Hacks and Improve Electronic Data Security Act (SHIELD Act…
UK: Rotherwood Healthcare AWS bucket security fail left elderly patients’ DNR choices freely readable online
Gareth Corfield reports: A leak of 10,000 records at a Leicestershire care home provider exposed elderly patients’ wishes not to be resuscitated, detailed care plans and precisely how much councils paid for individual patients’ care. Not only did Rotherwood Care Group, trading as Rotherwood Healthcare, leave an Amazon Web Services S3 bucket accessible to everyone…
UK: Concerns after patient information stolen from doctor’s car
Maia Snow reports: Concerns have been expressed after documents containing patient information was stolen from a doctor’s car in the north of the county. The Castle Medical Group, in Burton Road, Ashby, has revealed that on the evening of Monday February 24 items were stolen from a doctor’s car. Among the stolen items was paperwork containing…
PA: Former Franklin Regional student to serve probation for cyber attack that crippled school, county computers
Rich Cholodofksy reports: The lawyer for a former Franklin Regional High School student convicted of a cyberattack that disrupted more than a dozen computer systems throughout Westmoreland County in late 2016 told a judge it was all just a prank. Defense attorney Lyle Dresbold said Michaela G. King uploaded a computer program she purchased for…
Chinese dissident can sue law firm over hack that exposed information online, judge rules
Debra Cassens Weiss reports: A federal judge in Washington, D.C., has ruled that a Chinese asylum-seeker can sue the Clark Hill law firm over a 2017 hack that allegedly exposed personal data online. U.S. District Judge James Boasberg ruled last week in the case of Guo Wengui, who describes himself in the malpractice suit as…