Top Stories
Former Uber Security Chief Gets Probation in Obstruction Case - WSJ
Joseph Sullivan, the former chief security officer at Uber Technologies, was sentenced to three years’ probation by a federal court in San Francisco, over criminal obstruction charges relating to a 2016 data breach at the ride-hailing giant.
Patient Drops Request to Compel Hospital Group to Pay Ransom - WSJ
The patient, named as Jane Doe in a lawsuit filed in March, initially asked a judge to compel the Allentown, Pa.-based company to pay a ransom of more than $5 million to the BlackCat ransomware group. She withdrew the request April 18 after the federal judge overseeing the case requested an explanation of why the court would force Lehigh Valley “to comply with an illegal act or pay an illegal ransom.”
Breaches
Companies Increasingly Hit With Data Breach Lawsuits: Law Firm - SecurityWeek
Lawsuits filed against companies that have suffered a data breach are increasingly common, with action being taken more frequently even in cases where the number of impacted individuals is smaller, according to US law firm BakerHostetler.
One Brooklyn Reports Breach, Faces Lawsuit Post-Cyberattack
A safety net hospital system in New York City faces a proposed class action lawsuit tied to a late 2022 cybersecurity incident that breached the personal information of more than 235,000 patients.
Brightline data breach impacts 783K pediatric mental health patients
Pediatric mental health provider Brightline is warning patients that it suffered a data breach impacting 783,606 people after a ransomware gang stole data using a zero-day vulnerability in its Fortra GoAnywhere MFT secure file-sharing platform.
Security
Boards Are Having the Wrong Conversations About Cybersecurity
Just 69% of responding board members see eye-to-eye with their chief information security officers (CISOs). Fewer than half (47%) of members serve on boards that interact with their CISOs regularly, and almost a third of them only see their CISOs at board presentations.
TN Medical Clinic Remains Partially Closed As It Recovers From Cyberattack
MMC has not yet determined whether any patient or employee information was accessed or removed from its network but encouraged patients and employees to monitor their personal data for misuse.
Google is replacing Chrome's lock icon because most people don't know what it means | Engadget
The tune icon doesn't imply trustworthiness, Google says. Instead, it signals that security is the default state. It also invites a click, making it more likely that you'll use site controls. Many people never even realized they could click the lock, according to the company.
Privacy
Indiana governor signs a comprehensive privacy act into law
The Indiana Consumer Data Protection Act, signed into law 1 May, follows in the footsteps of the Colorado, Connecticut and Virginia privacy laws with its rights and requirements.
Misc
Medical Device Maker Stryker Faces New Bribery Concerns - WSJ
Medical-device maker Stryker disclosed an investigation by U.S. authorities into potential violations of antibribery law, the third such probe into the company in the past decade.