It is an old trick, and one that scammers are once again using following massive lay-offs after the coronavirus outbreak and mandates to shelter from home....more
Evil doers know that the best time to attack is during a crisis or a time of vulnerability. As the United States, and specifically, the Department of Health and Human Services (HHS) attempts to respond to and get ahead of the...more
Acknowledging the “additional challenges” on health care providers following the outbreak of COVID-19, the Department of Health and Human Services (HHS) recently issued several waivers for covered entities to address the need...more
City of Durham, NC Hit With Ryuk Ransomware -
Another city—Durham, North Carolina—has become the victim of a ransomware attack stemming from a Russian hacker group following a successful phishing scheme. After falling...more
3/13/2020
/ California Consumer Privacy Act (CCPA) ,
China ,
Coronavirus/COVID-19 ,
Crisis Management ,
Cyber Attacks ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection ,
Data Security ,
Department of Health and Human Services (HHS) ,
Electronic Protected Health Information (ePHI) ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Infectious Diseases ,
Municipalities ,
New Legislation ,
Personal Data ,
Personally Identifiable Information ,
Private Right of Action ,
Public Health ,
Ransomware
Another city—Durham, North Carolina—has become the victim of a ransomware attack stemming from a Russian hacker group following a successful phishing scheme....more
3/13/2020
/ Cyber Attacks ,
Cyber Crimes ,
Cybersecurity ,
Data Breach ,
Emergency Response ,
Hackers ,
Information Technology ,
Municipalities ,
Personally Identifiable Information ,
Phishing Scams ,
Ransomware
On March 5, 2020, Vermont Governor Phil Scott signed into law Senate Bill 110, “An act relating to data privacy and consumer protection,” which provides authority to develop a statewide data privacy inventory of the...more
3/13/2020
/ Consumer Privacy Rights ,
Cybersecurity ,
Data Collection ,
Data Management ,
Data Privacy ,
Data Protection ,
Databases ,
Information Governance ,
New Legislation ,
Personal Data ,
Personally Identifiable Information ,
Risk Management ,
State and Local Government
I was admittedly bummed when I received the email from IAPP cancelling the global summit this year, which was scheduled for next month. Bummed, but not so surprised, as every day the coronavirus is wreaking havoc and causing...more
3/13/2020
/ China ,
Coronavirus/COVID-19 ,
Crisis Management ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Emergency Management Plans ,
Emergency Response ,
Event Cancellation ,
Infectious Diseases ,
Public Health
The conference I was supposed to speak at next week was just cancelled, as many are and will be, due to coronavirus concerns. The topic was “Insider Threats and How to Mitigate Them.”...more
3/13/2020
/ Best Practices ,
China ,
Coronavirus/COVID-19 ,
Crisis Management ,
Data Management ,
Data Protection ,
Emergency Management Plans ,
Health and Safety ,
Infectious Diseases ,
Policies and Procedures ,
Public Health ,
Risk Management ,
Risk Mitigation ,
Telecommuting ,
Threat Management ,
Workplace Safety
One of the most significant consumer rights offered by the new California Consumer Privacy Act (CCPA) is what we call the “private right of action” afforded by the law. A private right of action under a law basically means...more
3/13/2020
/ California Consumer Privacy Act (CCPA) ,
Class Action ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Breach ,
Data Collection ,
Data Management ,
Data Privacy ,
Data Protection ,
Information Governance ,
Personal Data ,
Personally Identifiable Information ,
Privacy Laws ,
Private Right of Action ,
State and Local Government
Two Las Vegas casinos’ networks were down over the past week, with posted signs saying “Cash Only” throughout the casinos after a suspected ransomware attack. Electronic slot machines were silent as the casinos reacted to the...more
3/6/2020
/ Casinos ,
Coronavirus/COVID-19 ,
Cyber Attacks ,
Cybersecurity ,
Data Breach ,
Data Loss Prevention ,
Data Privacy ,
Data Protection ,
Data Security ,
E-1 ,
Gaming ,
Hackers ,
Medicare Part D ,
OIG ,
Ransomware ,
Scams ,
Wire Fraud
Scammers always go back to the good old scams, even when they are making bundles on new scams. Although our lives have been consumed of late with an onslaught of ransomware attacks, this past week, we have seen an uptick in...more
Two Las Vegas casinos’ networks were down over the past week, with posted signs saying “Cash Only” throughout the casinos after a suspected ransomware attack. Electronic slot machines were silent as the casinos reacted to the...more
The coronavirus—or COVID-19—has health care experts scrambling, and has caused global concern for health and well-being due to its rapid spread throughout many countries, including the United States....more
3/6/2020
/ China ,
Coronavirus/COVID-19 ,
Cyber Crimes ,
Data Breach ,
Fake Websites ,
Fraud ,
Infectious Diseases ,
Malware ,
Online Platforms ,
Personal Data ,
Personally Identifiable Information ,
Public Health ,
Scams ,
Social Media
Natural Gas Compressor Facility Shut Down After Ransomware Attack -
The Department of Homeland Security (DHS) announced this week that a ransomware attack shut down a natural gas compressor facility for two days. While in...more
2/25/2020
/ Bitcoin ,
Critical Infrastructure Sectors ,
Cyber Attacks ,
Cyber Crimes ,
Cyber Threats ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection ,
Data Security ,
Department of Health and Human Services (HHS) ,
Emergency Response ,
Extortion ,
Hackers ,
OCR ,
Personally Identifiable Information ,
Popular ,
Ransomware ,
Settlement Negotiations ,
TCPA
Every year, we remind our readers that the HIPAA data breach notification regulations require covered entities to notify the Office for Civil Rights (OCR) of any reportable data breaches that involved fewer than 500...more
2/21/2020
/ Covered Entities ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection ,
Data Security ,
Electronic Protected Health Information (ePHI) ,
Filing Deadlines ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Breach ,
HIPAA Breach Notification Rule ,
OCR ,
PHI ,
Regulatory Requirements ,
Reporting Requirements ,
Self-Reporting
The Department of Homeland Security (DHS) announced this week that a ransomware attack shut down a natural gas compressor facility for two days. While in the network, the attacker deployed software trying to “identify...more
2/20/2020
/ Cyber Attacks ,
Cybersecurity ,
Department of Homeland Security (DHS) ,
Incident Response Plans ,
Infrastructure ,
Natural Gas ,
Phishing Scams ,
Power Infrastructure ,
Ransomware ,
Risk Management ,
Risk Mitigation
Criminal minds are creative, and new ransomware strains show just how creative cyber-attackers can be. A new strain of ransomware, dubbed Ransomwared, requests a different kind of payment from the victim than the typical...more
There’s nothing worse than paying criminals. And paying a ransom for data is just that—paying criminals for a criminal act. All you get out of the payment is access to your data....more
Confirming what we are seeing in the field, cybersecurity firm Cybersecurity Ventures has predicted that, globally, businesses in 2021 will fall victim to a ransomware attack every 11 seconds, down from every 14 seconds in...more
2/18/2020
/ Cyber Attacks ,
Cyber Crimes ,
Cybersecurity ,
Data Breach ,
Email ,
Hackers ,
Information Technology ,
Personally Identifiable Information ,
Phishing Scams ,
Ransomware ,
Risk Management ,
Vulnerability Assessments
Ransomware Attacks Predicted to Occur Every 11 Seconds in 2021 with a Cost of $20 Billion -
Confirming what we are seeing in the field, cybersecurity firm Cybersecurity Ventures has predicted that, globally, businesses in...more
2/14/2020
/ Bitcoin ,
Brand ,
California Consumer Privacy Act (CCPA) ,
China ,
Critical Infrastructure Sectors ,
Cyber Attacks ,
Cyber Crimes ,
Cyber Threats ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection ,
Data Security ,
Digital Wallets ,
Drones ,
Email ,
Emergency Response ,
General Data Protection Regulation (GDPR) ,
Hackers ,
Legislative Agendas ,
Medical Devices ,
Personal Data ,
Personally Identifiable Information ,
Phishing Scams ,
Proposed Legislation ,
Regulatory Requirements ,
Risk Mitigation ,
Rulemaking Process ,
State Attorneys General ,
Threat Management ,
Unmanned Aircraft Systems ,
Vulnerability Assessments
A new study by Check Point Research shows that cyber criminals are using well-known brands to lure victims into clicking on nefarious links, providing personal information or credentials, or getting users to transfer money....more
2/14/2020
/ Apple ,
Brand ,
Cyber Attacks ,
Cyber Crimes ,
Cybersecurity ,
Data Breach ,
Email ,
Facebook ,
Google ,
Hackers ,
Malware ,
Microsoft ,
Netflix ,
PayPal ,
Personally Identifiable Information ,
Phishing Scams ,
Ransomware ,
Spotify ,
Vulnerability Assessments ,
Yahoo!
The Ponemon Institute recently issued its 2020 Cost of insider Threats Global Report, which finds that the frequency and cost of insider threats is continued to increase. Sponsored by ObserveIT and IBM, the 2020 report is the...more
2/11/2020
/ Confidential Information ,
Cyber Attacks ,
Cyber Threats ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Data Security ,
Employee Misconduct ,
Information Sharing ,
Internal Controls ,
Negligence ,
Popular ,
Risk Management ,
Threat Management ,
Vulnerability Assessments
Researchers at Sentinel One and Dragos have detected malicious code, called EKANS or Snake, that has been designed specifically to target industrial control systems (ICS), including those of oil refineries, manufacturing...more
2/10/2020
/ Critical Infrastructure Sectors ,
Cyber Attacks ,
Cyber Crimes ,
Cybersecurity ,
Data Breach ,
Hackers ,
Information Technology ,
Malware ,
Manufacturing Facilities ,
Oil & Gas ,
Pipelines ,
Power Grid ,
Ransomware ,
Refineries ,
Risk Assessment ,
Risk Management ,
Vulnerability Assessments
Researchers at Sentinel One and Dragos have detected malicious code, called EKANS or Snake, that has been designed specifically to target industrial control systems (ICS), including those of oil refineries, manufacturing...more
2/7/2020
/ China ,
Critical Infrastructure Sectors ,
Cyber Attacks ,
Cyber Crimes ,
Cyber Threats ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection ,
Data Security ,
Department of Health and Human Services (HHS) ,
Drones ,
Hackers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Identity Theft ,
Infectious Diseases ,
Malware ,
Medical Records ,
OCR ,
Personally Identifiable Information ,
Point of Sale Terminals ,
Public Health ,
Retailers ,
Tax Fraud ,
Vulnerability Assessments
A point of sale vendor for at least three cannabis dispensaries in the United States exposed the personal data of at least 30,000 cannabis users, including full names, photo IDs, dates of birth, telephone numbers, home...more
2/7/2020
/ Cannabis Products ,
Cannabis-Related Businesses (CRBs) ,
Cloud Storage ,
Cyber Attacks ,
Cyber Crimes ,
Data Breach ,
Dispensaries ,
Hackers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Marijuana ,
Marijuana Related Businesses ,
Medical Marijuana ,
Point of Sale Terminals ,
Recreational Use ,
Retail Market ,
Retailers