A Florida healthcare system says it is diverting emergency patients and is only accepting certain Level 1 trauma cases while it deals with an "IT security incident." Meanwhile, a Maryland hospital is responding to its own ransomware incident.
In the latest weekly update, ISMG editors discuss the lasting effects of the takedown of the Hive ransomware group, why the U.S. government is warning of a surge in Russian DDoS attacks on hospitals, and why the lack of transparency in U.S. breach notices is creating more risk for consumers.
Banks must rethink their risk management approach in order to be more cyber resilient, says Simon Onyons, managing director, EMEA, cybersecurity with FTI Consulting. The Financial Service Authority in Indonesia recently issued new cybersecurity requirements for the banking industry in the country.
Federal regulators hit Banner Health, which operates hospitals and other care facilities in multiple states, with a $1.25 million HIPAA settlement in the wake of a 2016 hacking incident that affected nearly 3 million individuals. Banner Health will also implement a corrective action plan.
While malicious wipers have stolen most of the headlines in the Russia-Ukraine cyberwar, investigators say Russians are now using modified GammaLoad and GammaSteel info stealer malware to spy on compromised government employee accounts and avoid detection. The attack begins with a phishing email.
Virginia Democratic Sen. Mark Warner, who chairs the Senate Select Committee on Intelligence, says he hopes to gather support for new bipartisan legislation this year to incentivize healthcare sector entities to meet certain minimum cybersecurity standards and tackle other top security concerns.
Researchers from cybersecurity firm WithSecure say they spotted a North Korean espionage campaign they dub "No Pineapple" that reveals a slew of tools in the Pyongyang hacking arsenal. They're confident the hackers were North Korean: One hacker connected to an infected server using a DPRK address.
Attackers this week locked up the business of London-based ION Cleared Derivatives, a software firm that supports derivatives trading, forcing major European banks to process trades manually and prompting a major futures exchange to delay the settlement of trades for two hours.
U.S. federal authorities are establishing a new office to tackle supply chain security issues and help industry partners put federal guidance and policies into practice. Former GSA administrator Shon Lyublanovits says she is spearheading the launch of the new organization.
A combination of three security flaws contained in an open-source electronic health record used mainly by smaller medical practices in the U.S. could allow attackers to steal patient data and potentially compromise an organization's entire IT infrastructure, says a new research report.
Security researchers say they found the Russian intelligence-linked Sandworm threat actor deploying a novel disk wiper against an energy sector company located in Ukraine. Data wipers have played a key role in Russia's hacking campaign against Ukraine.
Government authorities and industry groups are warning the healthcare sector of ongoing distributed denial-of-service attacks on hospitals and other medical entities by Russian nuisance hacking group KillNet, whose name comes from a tool used to launch DDoS attacks.
A Montana healthcare entity has agreed to pay $4.3 million to settle a proposed class action lawsuit filed in the wake of a 2021 hacking incident affecting 214,000 individuals. The deal is the entity's second multimillion-dollar lawsuit settlement in the last four years involving a major breach.
Two hacking breaches - one at a non-profit provider of foster care, mental health and substance treatment services, and the other at a provider of behavioral health services - have affected sensitive information of nearly 400,000 individuals.
Valuations are down, some companies have left the market altogether, and some even have announced deep rounds of layoffs. Yet, Alberto Yépez of Forgepoint Capital retains optimism for the cybersecurity marketplace in 2023 and says now is the ideal time to be ramping up investments in innovation.