Survey finds 60% of covered entities and 72% of their vendors believe today’s third-party risk management practices are not effective: new guidance provides a consistent set of practices to reduce cyber risk for the health industry FRISCO, Texas–July 27, 2023–The Health 3rd Party Trust (Health3PT) Initiative today announced the release of the Health3PT Recommended Practices &…
ALPHV ransomware adds data leak API in new extortion strategy
Ionut Ilascu reports: The ALPHV ransomware gang, also referred to as BlackCat, is trying to put more pressure on their victims to pay a ransom by providing an API for their leak site to increase visibility for their attacks. […] Multiple researchers spotted earlier this week that the ALPHV/BlackCat data leak site added a new…
Health data of more than 8 million people accessed by MOVEit hackers: US govt contractor
In what may be the largest health data breach reported so far in 2023, a government contractor affected by the MOVEit breach disclosed the breach in an SEC filing. ANS reports: Maximus, a US government services contracting company, has confirmed that hackers exploited a vulnerability in MOVEit Transfer to access the protected health information of…
Crooks pwned your servers? You’ve got four days to tell us, SEC tells public companies
Jessica Lyons Hardcastle reports: Public companies that suffer a computer crime likely to cause a “material” hit to an investor will soon face a four-day time limit to disclose the incident, according to rules approved today by the US Securities and Exchange Commission. The SEC proposed the changes last March, and on Wednesday the financial watchdog voted…
CardioComm, a provider of ECG monitoring devices, confirms cyberattack downed its services
Carly Page reports: CardioComm Solutions, a Canadian provider of consumer and professional-grade heart monitoring technologies, has been downed by an ongoing cybersecurity incident. The Toronto-based organization said on Tuesday that its business operations will be “impacted for several days and potentially longer” following a “cybersecurity incident on the Company’s servers.” At the time of writing,…
Recent NYS audits of K-12 school districts’ infosecurity
A toot by Doug Levin yesterday reminded me that I haven’t posted NYS Comptroller audits of school districts in a while. So here are three to get caught up: Jericho Union Free School District – Acceptable Use Policy (2022M-194) Issued Date: July 21, 2023 Audit Objective Determine whether Jericho Union Free School District (District) officials…