Why Are HIPAA Fines Down 93% - With Data Breaches Soaring?

Marianne Kolbasuk McGee • November 29, 2022

Healthcare providers and their vendors often fear federal regulatory action, but do fines and corrective action many any difference at all? As breach cases have nearly doubled since 2018, federal fines dropped 93% in 2022, and some say the agency is understaffed and crippled by legal challenges.

Governance & Risk Management

Chinese APT Using Google Drive, Dropbox to Drop Malware

Latest

Fraud Management & Cybercrime

Cybersecurity Stigma: More Victims Avoid Saying 'Ransomware'

Mathew J. Schwartz • November 29, 2022

Is the ransomware problem getting better or worse? Unfortunately, gauging attack trends continues to be complicated by the fact that many incidents never come to light publicly and many victims are hesitant to say "ransomware" when describing what hit them, says Comparitech's Rebecca Moody.

Fraud Management & Cybercrime

Meta Fined by Irish Privacy Regulator for GDPR Violations

Akshaya Asokan • November 28, 2022

Facebook will pay a 265 million euro fine to the Irish data protection authority to resolve a 2021 incident when the scraped data of 533 million users appeared online. The data contained names, phone numbers and birthdates. Facebook says it takes active measures against data scraping.

Governance & Risk Management

Indiana Health Entity Reports Breach Involving Tracking Code

Marianne Kolbasuk McGee • November 28, 2022

An Indiana healthcare network, Community Health Network, is the latest medical entity to classify its use of online tracking code as a data breach reportable to federal regulators. It said the unauthorized access/disclosure breach affected 1.5 million individuals.

Fraud Management & Cybercrime

Greater Toronto School Offline Following 'Cyber Incident'

Mihir Bagwe • November 28, 2022

Staffers reacted with incredulity after a cyber incident at a Greater Toronto school district kept systems offline and forced teachers to take attendance manually. Online learning and student Chromebooks were not working at Durham District School Board, which serves more than 74,000 students.

API Security

Cybercrime Forum Dumps Stolen Details on 5.4M Twitter Users

Mathew J. Schwartz • November 28, 2022

Information amassed on 5.4 million Twitter users by an attacker who abused one of the social network's APIs has been dumped online for free. While Twitter confirmed that breach, a researcher suggests other attackers also abused the feature to amass information for millions of other users.

Business Continuity Management / Disaster Recovery

Cyber Resilience Minimizes Risks for Digital Services

Brian Pereira • November 25, 2022

Cyber resilience extends beyond cyberattacks and encompasses the convergence of security and disaster recovery and takes into account other factors such as supply chain disruption, attacks on critical infrastructure, epidemics, market fluctuations, power outages, and natural disasters.

Cybercrime

ISMG Editors: The Rise of Info Stealing Malware

Anna Delaney • November 25, 2022

In the latest weekly update, Information Security Media Group Editors discuss current cybersecurity and privacy issues, including advice on strengthening off-hours defenses during the holiday season, emerging cybercrime trends in 2022, and Palo Alto's first big M&A since early 2021.

Cybercrime

Ontario Teachers’ Data Stolen in Ransomware Attack

Mihir Bagwe • November 25, 2022

A cyberattack on a Canadian teachers’ union gave thieves access to sensitive data of more than 60,000 members The union is yet to disclose the exact number of affected individuals, but stated that both former and current members are impacted.

Cryptocurrency Fraud

Cybercrime Carnage: Cryptocurrency-Targeting Attacks Abound

Mathew J. Schwartz • November 25, 2022

While the cybercrime story for 2022 has yet to be fully written, cryptocurrency theft will no doubt have a starring role. Buoyed by the collective pilfering of billions of dollars' worth of cryptocurrency this year, what's to stop attackers from doubling down in 2023?

Breach Notification

Lorenz Ransomware Alert: Risk to Healthcare, Public Sector

Mathew J. Schwartz • November 24, 2022

Cybersecurity experts warn that large healthcare and public sector organizations are continuing to get hit by "big-game hunting" attackers wielding Lorenz ransomware. Among the group's known victims are Wolfe Eye Clinic in Iowa and Salud Family Health of Colorado.

Blockchain & Cryptocurrency

Ransomware Group Zeppelin's Costly Encryption Mistake

Anna Delaney • November 24, 2022

The latest edition of the ISMG Security Report discusses how the profits of ransomware group Zeppelin have been smashed by security researchers, FTX again highlighting the risks of trading cryptocurrencies, and vendor Extrahop's newly appointed, high-profile president.

Business Continuity Management / Disaster Recovery

Zeppelin Ransomware Proceeds Punctured by Crypto Workaround

Mathew J. Schwartz • November 24, 2022

As the U.S. celebrates Thanksgiving, let's give thanks for this cybercrime karma: For more than two years, law enforcement and security experts have been exploiting flaws in the crypto-locking malware to help victims decrypt their systems without paying a ransom.