Alabama City Hit with Ransomware -
On June 5, 2020, Florence, Alabama’s information technology systems were hit with ransomware by the DoppelPaymer group demanding a ransom payment of $378,000 in bitcoin. Mayor Steve Holt...more
6/13/2020
/ California Consumer Privacy Act (CCPA) ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Department of Homeland Security (DHS) ,
Hackers ,
Marketing ,
Microsoft ,
Personal Data ,
Personally Identifiable Information ,
Popular ,
Ransomware ,
Robocalling ,
Vulnerability Assessments
As you know, I very rarely download mobile apps. Except for a multi-factor authentication app, and of course, the Jumbo privacy app....more
6/12/2020
/ Cyber Attacks ,
Cyber Crimes ,
Cybersecurity ,
Dark Web ,
Data Breach ,
Data Privacy ,
Data Protection ,
Data Security ,
Hackers ,
Mobile App Privacy Guidelines ,
Personally Identifiable Information
Capital One Required to Produce Forensic Report in Class Action -
As a litigator, when responding to any security incident, thoughtful consideration is given to the possibility that the security incident may wind up in...more
5/31/2020
/ Artificial Intelligence ,
Automation Systems ,
Capital One ,
Class Action ,
Cybersecurity ,
Cybersecurity Maturity Model Certification (CMMC) ,
Data Breach ,
Data Privacy ,
Department of Defense (DOD) ,
Drones ,
Financial Services Industry ,
iPhone ,
Popular ,
Robotics ,
Toyota ,
Vulnerability Assessments
Texas Court System Hit with Ransomware -
The Office of Court Administration in Texas (OCA) confirmed late last week that it is the victim of a ransomware attack. The OCA stated that it would not pay the ransom. “OCA was...more
After incidents of Zoom “bombing,” including a recent intrusion by hackers to disrupt a church service with foul content (don’t these guys have better things to do?), it has been reported that hackers are now taking advantage...more
Adult Streaming Site Leaves 7TB of Users’ Information Unsecured -
Live adult streaming website CAM4 has reportedly not secured 7TB of users’ information, which may be able to be used for blackmail and identity theft...more
5/11/2020
/ California Consumer Privacy Act (CCPA) ,
Charitable Organizations ,
Coronavirus/COVID-19 ,
Cyber Attacks ,
Cyber Threats ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Security ,
Hackers ,
Health Care Providers ,
OCR ,
Personally Identifiable Information ,
Scams
ExecuPharm Data Stolen in Ransomware Attack Published on Internet -
In a growing trend, pharmaceutical company ExecuPharm became the victim of a ransomware attack on March 13, 2020, by the CLOP ransomware group, which...more
Cognizant Confirms Maze Ransomware Attack -
The criminals behind the Maze ransomware [view recent related posts here and here] have gone big and hit Cognizant, one of the largest technology consulting companies in the U.S.,...more
4/25/2020
/ Coronavirus/COVID-19 ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Drones ,
Fast-Food Industry ,
Loss Prevention ,
National Security ,
NYDFS ,
Personal Data ,
Personally Identifiable Information ,
Phishing Scams ,
Popular ,
Ransomware ,
U.S. Navy
I always enjoy hosting and participating in the CISO Executive Network meetings. The meetings offer Chief Information Security Officers (CISOs) the opportunity to discuss together ways they can improve security in their...more
Sodinokibi Hackers Switch Payment Mechanism to Monero -
The hackers behind the Sodinokibi/REvil ransomware have reportedly switched their demands for payment from Bitcoin or Ethereum to Monero cryptocurrency to try to...more
4/19/2020
/ Bitcoin ,
CARES Act ,
Coronavirus/COVID-19 ,
Cryptocurrency ,
Cyber Attacks ,
Cyber Crimes ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Security ,
Financial Stimulus ,
Hackers ,
INTERPOL ,
Personally Identifiable Information ,
Popular ,
Ransomware ,
Risk Mitigation ,
Scams
With employees working from home, attackers are relying on the fact that assistants and others are not able to confirm these requests from the executives as they are not in the same physical proximity to the executives as...more
FBI Issues Warning of Increased BEC During COVID-19 Pandemic -
On April 6, 2020, the Federal Bureau of Investigation (FBI) issued a warning to companies to be aware of an increase in business email compromises (BEC)...more
4/14/2020
/ ALEXA ,
Android ,
Business E-Mail Compromise (BEC) ,
Coronavirus/COVID-19 ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection ,
Diagnostic Tests ,
FBI ,
Scams ,
Telecommuting ,
Vulnerability Assessments
Microsoft Issues Cybersecurity Risk Warning and Offers Help to Hospitals During COVID-19 Crisis -
On April 1, 2020, Microsoft issued a specific warning to health care entities alerting them that they are at particular risk...more
4/6/2020
/ Coronavirus/COVID-19 ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Data Security ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Microsoft ,
OCR ,
Popular ,
Telemarketing ,
Vulnerability Assessments
COVID-19 Vaccine Test Lab Hit by Maze Ransomware -
Despite the fact that the hackers behind Maze ransomware previously promised not to hit medical organizations during the coronavirus pandemic, the ransomware recently...more
3/31/2020
/ California Consumer Privacy Act (CCPA) ,
Coronavirus/COVID-19 ,
Cyber Attacks ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Drones ,
Federal Aviation Administration (FAA) ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Ransomware ,
Spam ,
Telecommuting ,
Telehealth
HHS Targeted by Nation-State Hackers -
Evil doers know that the best time to attack is during a crisis or a time of vulnerability. As the United States, and specifically, the Department of Health and Human Services (HHS)...more
3/20/2020
/ California Consumer Privacy Act (CCPA) ,
Coronavirus/COVID-19 ,
Cybersecurity ,
Data Privacy ,
Department of Health and Human Services (HHS) ,
Federal Trade Commission (FTC) ,
FERPA ,
Hackers ,
Personal Data ,
PHI ,
Scams ,
State Attorneys General ,
Telecommuting ,
Waivers
City of Durham, NC Hit With Ryuk Ransomware -
Another city—Durham, North Carolina—has become the victim of a ransomware attack stemming from a Russian hacker group following a successful phishing scheme. After falling...more
3/13/2020
/ California Consumer Privacy Act (CCPA) ,
China ,
Coronavirus/COVID-19 ,
Crisis Management ,
Cyber Attacks ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection ,
Data Security ,
Department of Health and Human Services (HHS) ,
Electronic Protected Health Information (ePHI) ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Infectious Diseases ,
Municipalities ,
New Legislation ,
Personal Data ,
Personally Identifiable Information ,
Private Right of Action ,
Public Health ,
Ransomware
On March 5, 2020, Vermont Governor Phil Scott signed into law Senate Bill 110, “An act relating to data privacy and consumer protection,” which provides authority to develop a statewide data privacy inventory of the...more
3/13/2020
/ Consumer Privacy Rights ,
Cybersecurity ,
Data Collection ,
Data Management ,
Data Privacy ,
Data Protection ,
Databases ,
Information Governance ,
New Legislation ,
Personal Data ,
Personally Identifiable Information ,
Risk Management ,
State and Local Government
I was admittedly bummed when I received the email from IAPP cancelling the global summit this year, which was scheduled for next month. Bummed, but not so surprised, as every day the coronavirus is wreaking havoc and causing...more
3/13/2020
/ China ,
Coronavirus/COVID-19 ,
Crisis Management ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Emergency Management Plans ,
Emergency Response ,
Event Cancellation ,
Infectious Diseases ,
Public Health
One of the most significant consumer rights offered by the new California Consumer Privacy Act (CCPA) is what we call the “private right of action” afforded by the law. A private right of action under a law basically means...more
3/13/2020
/ California Consumer Privacy Act (CCPA) ,
Class Action ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Breach ,
Data Collection ,
Data Management ,
Data Privacy ,
Data Protection ,
Information Governance ,
Personal Data ,
Personally Identifiable Information ,
Privacy Laws ,
Private Right of Action ,
State and Local Government
Two Las Vegas casinos’ networks were down over the past week, with posted signs saying “Cash Only” throughout the casinos after a suspected ransomware attack. Electronic slot machines were silent as the casinos reacted to the...more
3/6/2020
/ Casinos ,
Coronavirus/COVID-19 ,
Cyber Attacks ,
Cybersecurity ,
Data Breach ,
Data Loss Prevention ,
Data Privacy ,
Data Protection ,
Data Security ,
E-1 ,
Gaming ,
Hackers ,
Medicare Part D ,
OIG ,
Ransomware ,
Scams ,
Wire Fraud
Natural Gas Compressor Facility Shut Down After Ransomware Attack -
The Department of Homeland Security (DHS) announced this week that a ransomware attack shut down a natural gas compressor facility for two days. While in...more
2/25/2020
/ Bitcoin ,
Critical Infrastructure Sectors ,
Cyber Attacks ,
Cyber Crimes ,
Cyber Threats ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection ,
Data Security ,
Department of Health and Human Services (HHS) ,
Emergency Response ,
Extortion ,
Hackers ,
OCR ,
Personally Identifiable Information ,
Popular ,
Ransomware ,
Settlement Negotiations ,
TCPA
Every year, we remind our readers that the HIPAA data breach notification regulations require covered entities to notify the Office for Civil Rights (OCR) of any reportable data breaches that involved fewer than 500...more
2/21/2020
/ Covered Entities ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection ,
Data Security ,
Electronic Protected Health Information (ePHI) ,
Filing Deadlines ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Breach ,
HIPAA Breach Notification Rule ,
OCR ,
PHI ,
Regulatory Requirements ,
Reporting Requirements ,
Self-Reporting
Ransomware Attacks Predicted to Occur Every 11 Seconds in 2021 with a Cost of $20 Billion -
Confirming what we are seeing in the field, cybersecurity firm Cybersecurity Ventures has predicted that, globally, businesses in...more
2/14/2020
/ Bitcoin ,
Brand ,
California Consumer Privacy Act (CCPA) ,
China ,
Critical Infrastructure Sectors ,
Cyber Attacks ,
Cyber Crimes ,
Cyber Threats ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection ,
Data Security ,
Digital Wallets ,
Drones ,
Email ,
Emergency Response ,
General Data Protection Regulation (GDPR) ,
Hackers ,
Legislative Agendas ,
Medical Devices ,
Personal Data ,
Personally Identifiable Information ,
Phishing Scams ,
Proposed Legislation ,
Regulatory Requirements ,
Risk Mitigation ,
Rulemaking Process ,
State Attorneys General ,
Threat Management ,
Unmanned Aircraft Systems ,
Vulnerability Assessments
The Ponemon Institute recently issued its 2020 Cost of insider Threats Global Report, which finds that the frequency and cost of insider threats is continued to increase. Sponsored by ObserveIT and IBM, the 2020 report is the...more
2/11/2020
/ Confidential Information ,
Cyber Attacks ,
Cyber Threats ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Data Security ,
Employee Misconduct ,
Information Sharing ,
Internal Controls ,
Negligence ,
Popular ,
Risk Management ,
Threat Management ,
Vulnerability Assessments
Researchers at Sentinel One and Dragos have detected malicious code, called EKANS or Snake, that has been designed specifically to target industrial control systems (ICS), including those of oil refineries, manufacturing...more
2/7/2020
/ China ,
Critical Infrastructure Sectors ,
Cyber Attacks ,
Cyber Crimes ,
Cyber Threats ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection ,
Data Security ,
Department of Health and Human Services (HHS) ,
Drones ,
Hackers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Identity Theft ,
Infectious Diseases ,
Malware ,
Medical Records ,
OCR ,
Personally Identifiable Information ,
Point of Sale Terminals ,
Public Health ,
Retailers ,
Tax Fraud ,
Vulnerability Assessments