Although many thought that WannaCry was in the rear view mirror, a recent report by Artemis, based on client experience, found that health care organizations and manufacturing companies are still being hit with the ransomware...more
Another city, another ransomware attack. Cities and municipalities continue to be targeted with ransomware campaigns. Fortunately, in this case, essential services such as fire, police, Emergency Medical Services and 311...more
The Department of Homeland Security (DHS) issued a warning on April 15, 2019 entitled “VPN Applications Insecurely Store Session Cookies” (Vulnerability Note VU#192371) stating that “[M]ultiple Virtual Private Network (VPN)...more
4/19/2019 / Cookies, Data Breach, Department of Health and Human Services (HHS), Electronic Protected Health Information (ePHI), Email, Hackers, Health Insurance Portability and Accountability Act (HIPAA), Incident Response Plans, Information Technology, Personally Identifiable Information, Phishing Scams
The Ponemon Institute recently completed research, sponsored by IBM Resilient, entitled “The 2019 Cyber Resilient Organization,” which surveyed more than 3,600 security and IT professionals around the world to determine...more
I have been alerting clients that I know use Wipro, but may have missed some of you. It is being reported that IT outsourcing company Wipro Ltd. has been hacked through several phishing campaigns from what is believed to be a...more
Following in the footsteps of the New York Department of Financial Regulation (NYDFS) in enacting cybersecurity requirements for the financial services industry, and in response to massive data breaches in the insurance...more
In an effort to phase out what many in the security world believe are threats to the cybersecurity posture of governmental agencies and private entities alike...more
Cybercriminals have launched a new campaign that not only requires the victim to pay a ransom to have their data decrypted, but when the victim is directed to a PayPal account to pay the ransom to get the decryption key to...more
1/18/2019 / Cyber Attacks, Cyber Crimes, Cybersecurity, Data Breach, Hackers, Information Technology, Malware, PayPal, Personally Identifiable Information, Ransomware, Risk Management
For data security buffs like me, the recent McAfee® Labs Threats Report, December 2018 is, or should be, a top pick on the list. Well, maybe not for the holiday reading list. We need to be careful not to bring up the results...more
12/27/2018 / Article III, Cyber Crimes, Cyber Threats, Cybersecurity, Data Breach, Data Protection, Driverless Cars, Drones, Experian, Hackers, Health Insurance Portability and Accountability Act (HIPAA), Information Technology, OCR, Public Health, Risk Management, Smart Devices, Standing, Transportation Industry, Vaccinations, Value-Based Care, Vulnerability Assessments
The bane of data security is the patch. The patch is what your IT guys are doing in the background to fix vulnerabilities in software that are known to the manufacturers, and to attempt to fix the vulnerability before hackers...more
The Office for Civil Rights has announced that it has fined Lakeland, Florida-based Advanced Care Hospitalists (ACH) $500,000 for an impermissible disclosure of protected health information by one of its business associates...more
12/12/2018 / Cyber Attacks, Cybersecurity, Data Breach, Electronic Medical Records, Fines, Health Care Providers, Health Insurance Portability and Accountability Act (HIPAA), HIPAA Breach, Information Technology, OCR, Personally Identifiable Information, PHI
Atrium Health and its vendor AccuDoc Solutions have released a joint announcement this week that AccuDoc’s database of 2.6 million billing records of Atrium Health’s patients has been compromised by a hacking incident....more
12/3/2018 / Cyber Attacks, Cybersecurity, Data Breach, Data Protection, Electronic Medical Records, Hackers, Healthcare, Identity Theft, Information Technology, Personally Identifiable Information, Social Security Numbers
According to a new report by Datto, Inc. (its third annual Global State of the Channel Ransomware Report), ransomware continues to be the top cyber-attack experienced by small and medium sized companies....more
Many companies are migrating their email systems to Microsoft Office 365 (O365). The majority of security incidents that we have been involved in over the past six months involve a hacker successfully phishing an employee of...more
Toyota Industries North America (TINA) has discovered that a hacker was able to access its corporate email system, compromising the personal and protected health information of approximately 19,000 individuals, apparently...more
10/5/2018 / Cyber Attacks, Data Breach, Electronic Medical Records, Email, Hackers, Health Insurance, HIPAA Breach, Information Technology, Personally Identifiable Information, PHI, Toyota
We all remember Kronos—the malicious malware that was sold by Russian underground forums in 2014 for $7,000. If you bought it, you were promised updates and development of new modules...more
9/13/2018 / Banking Sector, Cyber Attacks, Cyber Crimes, Cybersecurity, Data Breach, Hackers, Information Technology, Malware, Online Banking, Personally Identifiable Information, Popular, Risk Management
The Federal Bureau of Investigation (FBI) released a Public Service Announcement on August 2, 2018 entitled “Cyber Actors Use Internet of Things Devices as Proxies for Anonymity and Pursuit of Malicious Cyber Activities,”...more
Just days after the summit between the U.S. and North Korea, the Federal Bureau of Investigation (FBI) and the Department of Homeland Security issued a warning about a malicious malware, a Trojan malware variant known as...more
6/26/2018 / Administrative Law Judge (ALJ), Chief Information Security Officer (CISO), Connected Cars, Critical Infrastructure Sectors, Cyber Attacks, Cyber Crimes, Cybersecurity, Data Breach, Data Collection, Data-Sharing, Department of Homeland Security (DHS), Drones, Electronic Protected Health Information (ePHI), Enforcement Actions, FBI, FCC, FERPA, Hackers, HIPAA Breach, Information Technology, Malware, OCR, Risk Management
I hang out with CISOs and CIOs. I support them because they have thankless jobs and have a mountain of responsibilities to protect an organization, most of the time without complete support from the organization. ...more
The Singapore summit was the focus of news stories this week. The media descended on Singapore to capture all of the news. When journalists started posting pictures of the contents of the gift bags that they were given at the...more
If you have ever purchased tickets from Ticketfly, be aware that it took its homepage offline last week because it has experienced a “cyber incident.” It stated that “Following a series of recent issues with Ticketfly...more
CYBERSECURITY -
South Carolina Enacts Insurance Data Security Act -
South Carolina Governor Henry McMaster signed the South Carolina Insurance Data Security Act into law on May 3, 2018. The law, parts of which become...more
5/25/2018 / Airspace, Ballot Measures, Cell Phones, Cybersecurity Framework, Data Protection, Data-Sharing, Drones, Information Technology, Location Data, Privacy Concerns, Public Safety, Regulatory Standards, Risk Management, State and Local Government
A new Harris Poll for the American Institute of CPAs (AICPA), which called 1006 U.S. adults for the report, shows interesting statistics regarding American adults’ attitudes and fears about identity theft and financial loss...more
5/10/2018 / Cyber Attacks, Cyber Crimes, Cybersecurity, Data Breach, Financial Fraud, Hackers, Identity Theft, Information Technology, Malware, Personally Identifiable Information, Phishing Scams, Popular, Ransomware, Risk Management
Medical transcription provider MEDantex has reportedly exposed the protected health information of thousands of patients through its unsecured provider portal, which did not require a password for access....more