DataBreaches.net has found two behavioral health entities that reportedly or allegedly experienced recent cyberattacks involving protected health information of patients. The first, Behavioral Health Partners of Metrowest (BHPMW), describes itself as a partnership that brings together leading social services and behavioral health agencies serving the Greater MetroWest region of Massachusetts. Together, they write, Family Continuity,…
Update: More than 90,000 South Australian public servants now involved in payroll data breach
Rory McLaren reports: South Australia’s Treasurer says 13,088 current and former public servants more than previously thought had their personal information stolen in a cyber attack last year. Treasurer Stephen Mullighan told parliament on Wednesday a “forensic review” by PricewaterhouseCoopers (PwC) uncovered the additional people that had had their personal data stolen, in addition to the 80,000 employees announced…
Political Agreement Reached on New EU Horizontal Cybersecurity Directive
Mark Young and Tomos Griffiths of Covington and Burling write: In the early hours of Friday, 13 May, the European Parliament and the Council of the EU reached provisional political agreement on a new framework EU cybersecurity law, known as “NIS2”. This new law, which will replace the existing NIS Directive (which was agreed around the same…
Exploratory study into ransomware attacks in Dutch government services and companies
Cybercrimeinfo.nl writes: Statistics Netherlands (CBS), in collaboration with the National Cyber Security Center (NCSC), has conducted an exploratory study into ransomware attacks in Dutch government services and companies. The researchers looked at, among other things, the timeline and costs of attacks with ransomware. Due to the sensitivity of the collected data, the report has not been published…
Alert (AA22-137A): Weak Security Controls and Practices Routinely Exploited for Initial Access
Alert (AA22-137A) Weak Security Controls and Practices Routinely Exploited for Initial Access CISA Alert Published May 17, 2022: Summary Cyber actors routinely exploit poor security configurations (either misconfigured or left unsecured), weak controls, and other poor cyber hygiene practices to gain initial access or as part of other tactics to compromise a victim’s system. This…
Data leak containing info of 22.5 million Malaysians not from NRD, says Hamzah
Mazwin Nik Anis reports: The alleged data leak containing information of 22.5 million Malaysians is not from the National Registration Department (NRD), says Datuk Seri Hamzah Zainudin. The Home Minister said there was a mechanism in place which could prove that the leaked information did not come from the department. Read more at TheStar.