Top Stories

Holiday, Weekend Ransomware Attacks Pose Threats to Healthcare Cybersecurity
34 percent of 1,200 surveyed cybersecurity professionals whose organizations had been hit by ransomware on a holiday or weekend said it took them longer than usual to assemble an incident response team. Additionally, 34 percent of healthcare respondents said that it took their organizations longer to assess the attack scope, and 35 percent of healthcare respondents reported lengthier recovery times.

Many Cloud Attacks End in Financial Loss for Healthcare Sector
The healthcare sector is a lucrative target for threat actors, with 86 percent of cloud attacks ending in financial loss, a new report stated.

Feds Alert Healthcare, Other Sectors of Growing Hive Threats
U.S. federal authorities are warning critical infrastructure sectors including healthcare to be on the lookout for indicators of Hive ransomware.

FBI: Hive ransomware extorted $100M from over 1,300 victims
The Federal Bureau of Investigation (FBI) said today that the notorious Hive ransomware gang has successfully extorted roughly $100 million from more than 1,300 companies since June 2021.

Breaches

Anesthesiology Services Firm Faces 5 Class Action Lawsuits
Proposed class action lawsuits are stacking up against a New York anesthesiology administrative services firm for its July hacking incident that affected about 450,000 patients nationwide.

SolarWinds settles lawsuit over Orion breach as SEC enforcement action looms | SC Media
On Oct. 28, the company settled a class-action lawsuit filed last year by shareholders against SolarWinds, several top executives and its two main private equity owners in the wake of the Orion breach. In the suit, lawyers representing the class argued that the company had neglected its internal cybersecurity in the years preceding the breach and had misled the public about the state of its digital security in filings to the Securities and Exchange Commission and in media interviews.

Security

Amazon Relational Database Service exposing PII via cloud 'snapshots' | SC Media
Amazon Relational Database Service (RDS) is a managed database service supporting engines such as MySQL, and it offers a convenient "RDS snapshot" sharing feature that lets a user make a snapshot public, for example to hand sample data or a template database to an application, Mitiga explained in a Nov. 16 post. The feature makes it easy to share a snapshot with colleagues while "not having to deal with roles and policies," by making the snapshot public for "just a few minutes." The catch is that a public snapshot can be copied and restored by any AWS account for as long as it stays public, so even a short window is enough for an automated scanner to take a copy of whatever PII the database holds.
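As an added example (not code from the article or from Mitiga), the check below audits the `restore` attribute that controls RDS snapshot sharing. It parses the JSON that `aws rds describe-db-snapshot-attributes --db-snapshot-identifier <id>` returns, flags snapshots that are public (`AttributeValues` contains `"all"`) or shared with accounts outside an allow-list, and emits the `aws rds modify-db-snapshot-attribute ... --values-to-remove` command that revokes the sharing. The snapshot identifiers and account IDs in the sample are constructed for illustration.

```python
"""Audit RDS snapshot sharing from `describe-db-snapshot-attributes` output.

Example code, not part of the article. Input shape follows the real AWS CLI
response: {"DBSnapshotAttributesResult": {"DBSnapshotIdentifier": ...,
"DBSnapshotAttributes": [{"AttributeName": "restore", "AttributeValues": [...]}]}}
The value "all" in the restore attribute means the snapshot is public.
"""
import json

# Constructed sample output for three snapshots (identifiers and account
# numbers are made up for this example).
SAMPLE_JSON = json.dumps([
    {"DBSnapshotAttributesResult": {
        "DBSnapshotIdentifier": "prod-customers-2022-11-16",
        "DBSnapshotAttributes": [
            {"AttributeName": "restore", "AttributeValues": ["all"]}]}},
    {"DBSnapshotAttributesResult": {
        "DBSnapshotIdentifier": "analytics-copy",
        "DBSnapshotAttributes": [
            {"AttributeName": "restore",
             "AttributeValues": ["210987654321", "123456789012"]}]}},
    {"DBSnapshotAttributesResult": {
        "DBSnapshotIdentifier": "private-nightly",
        "DBSnapshotAttributes": [
            {"AttributeName": "restore", "AttributeValues": []}]}},
])


def snapshot_sharing(attr_result):
    """Return (snapshot_id, is_public, sorted list of account IDs it is shared with)."""
    res = attr_result["DBSnapshotAttributesResult"]
    values = []
    for attr in res.get("DBSnapshotAttributes", []):
        if attr.get("AttributeName") == "restore":
            values.extend(attr.get("AttributeValues", []))
    is_public = "all" in values
    accounts = sorted(v for v in values if v != "all")
    return res["DBSnapshotIdentifier"], is_public, accounts


def audit_snapshots(results, trusted_accounts=frozenset()):
    """Flag public snapshots and snapshots shared with accounts outside the
    allow-list. Each finding carries the revoke command for exactly the values
    that should not be there (public 'all' and/or untrusted account IDs)."""
    findings = []
    for result in results:
        sid, public, accounts = snapshot_sharing(result)
        untrusted = [a for a in accounts if a not in trusted_accounts]
        if not public and not untrusted:
            continue
        to_remove = (["all"] if public else []) + untrusted
        findings.append({
            "snapshot": sid,
            "public": public,
            "untrusted_accounts": untrusted,
            "revoke": ("aws rds modify-db-snapshot-attribute "
                       f"--db-snapshot-identifier {sid} "
                       "--attribute-name restore "
                       "--values-to-remove " + " ".join(to_remove)),
        })
    return findings


def audit_json(text, trusted_accounts=frozenset()):
    """Convenience wrapper: audit a JSON array of describe-db-snapshot-attributes results."""
    return audit_snapshots(json.loads(text), trusted_accounts)


if __name__ == "__main__":
    # Only 123456789012 is an approved partner account in this constructed scenario.
    for finding in audit_json(SAMPLE_JSON, trusted_accounts={"123456789012"}):
        print(finding)
```

In practice you would enumerate your own manual snapshots first with `aws rds describe-db-snapshots --snapshot-type manual`, call `describe-db-snapshot-attributes` for each, and feed the results to `audit_snapshots`; running it on a schedule catches the "just a few minutes" case, but the durable fix is to share snapshots with specific account IDs rather than with `all`, and to encrypt snapshots with a customer-managed KMS key, since encrypted snapshots cannot be made public at all.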

FDA Updates Medical Device Cyber Response Playbook
Federal officials released updated guidance for preparing and responding to medical device cybersecurity incidents, including ransomware, as cyberattacks against the healthcare sector continue to surge.

Texas signals potential changes to cybersecurity policies
These include creating new cyber-incident reporting requirements for local governments and school districts, requiring government entities to adopt the .gov domain, allowing information security officers to serve as joint officials presiding over several jurisdictions and establishing a statewide chief privacy officer role.

Odgers Berndtson Seeks Chief Cybersecurity Officer for U.S. House of Representatives - Hunt Scanlon Media
Executive search firm Odgers Berndtson has been enlisted to find a chief information security officer (CISO) for the Office of the Chief Administrative Officer (CAO) of the U.S. House of Representatives. Partners Diane Gilley, a member of both the firm’s technology practice and CIO and technology officers practice, and Jon Barney, head of the U.S. aerospace, defense, and national security practice, are spearheading the assignment.

Understanding and Responding to Distributed Denial-of-Service Attacks
The Cybersecurity and Infrastructure Security Agency (CISA), alongside the Federal Bureau of Investigation (FBI) and the Multi-State Information Sharing and Analysis Center (MS-ISAC), released a joint guide containing recommended procedures to reduce the likelihood and impact of distributed denial-of-service (DDoS) incidents.

Privacy

Misconfigured Server Exposed PHI of 600,000 Inmates
A server misconfiguration at a firm that provides medical claims processing for correctional facilities exposed sensitive information of nearly 600,000 inmates who received medical care during the last decade while incarcerated.

Google to pay $392m to 40 states over location tracking in ‘historic win’ for users | The Independent
State attorneys general called it the largest multistate privacy settlement in history and a major win against corporate surveillance of citizens.

Europe

Supplementary health insurance: the CNIL calls for clarifying and securing the legal framework for the use of health data | CNIL
The CNIL called for a law "to guarantee the privacy of individuals and ensure the legal security of health professionals and mutual insurance companies."

Is Elon Musk’s Twitter about to fall out of the GDPR’s one-stop shop? | TechCrunch
Twitter is no longer fulfilling key obligations required for it to claim Ireland as its so-called main establishment under the European Union’s General Data Protection Regulation (GDPR), a source familiar with the matter has told TechCrunch.

Misc

Hot Market for Cyber Insurance Begins to Stabilize - WSJ
An explosion in ransomware has led to high premiums, but the market shows signs of cooling off

Former Anti-Abortion Leader Alleges Another Supreme Court Breach - The New York Times
As the Supreme Court investigates the extraordinary leak this spring of a draft opinion of the decision overturning Roe v. Wade, a former anti-abortion leader has come forward claiming that another breach occurred in a 2014 landmark case involving contraception and religious rights.

FTX Auditors Doubled as Crypto Industry Cheerleaders - WSJ
When FTX faced a liquidity crunch, the auditor of its U.S. unit seized the moment to promote its services for other crypto companies that were under the spotlight.
It is a “great time to remember” Armanino LLP’s specialized crypto assurance, the firm tweeted last week, referring to a product that verifies customer assets held by crypto firms.

Macau Under Spotlight Amid U.S. Inspections of China-Based Audits - WSJ
A recent agreement between Washington and China allowing U.S. accounting regulators to inspect China-based audits is raising questions about the role of unregistered auditors in the Chinese gambling enclave of Macau, where several U.S.-listed casino businesses operate.