We bring to your attention a sampling of recent media stories involving cyber risk and privacy liability. These exposures include business interruption, legal liability (such as class action lawsuits), as well as crisis costs to investigate the breach, notify the victims and defend/settle lawsuits, including AG regulatory enforcement actions and fines. Also, don’t miss the items below in ORANGE.


NETDILIGENCE® CYBER LIABILITY CONFERENCE – CANADA
SAVE THE DATE:   FEBRUARY 23, 2018

A packed two-track, full-day agenda with Regulatory and Litigation Updates, Security Solutions and all things Cyber Coverage! New this year, a designated track just for Risk Managers. Our conference will be held once again at the beautiful Ritz-Carlton in Toronto. LEARN MORE.


HEALTHCARE
11 healthcare privacy incidents reported in June

Privacy incidents at government departments, equipment suppliers and other healthcare organizations captured public attention last month. …Here are 11 incidents, as reported to HHS’ Office for Civil Rights breach portal or covered by Becker’s Hospital Review. The incidents are presented in order of number of patients affected. Click to read entire article.

Atlanta clinic finds 15-month breach during investigation on separate ransomware attack

Peachtree Neurological Clinic discovered a 15-month breach in the process of investigating a recent ransomware incident, the Atlanta-based provider announced this week. While PNC officials did not disclose when the most recent ransomware attack occurred, its electronic health record system was encrypted by the virus. Instead of paying the ransomware, officials were able to restore the files and functionality from backup records.. Click to read entire article.

Colorado Medicaid system data breach potentially exposed private information of 822 people

The technology company at the center of an ongoing Medicaid payment fiasco in Colorado now says a system glitch might have inadvertently shared the private health information of 822 people. Click to read entire article.

Medical center reports information breach affecting 1,500

The Detroit Medical Center says a breach of health information affects more than 1,500 patients seen at one of its facilities in 2015 and 2016. The health system announced Thursday that a staffing agency contracted by the DMC notified hospital officials that one of the agency’s employees provided the information to unauthorized people who weren’t affiliated with the DMC organization. Click to read entire article.

UC Davis Health System Phishing Attack Potentially Impacts 15K

Recent possible healthcare data breaches include an email phishing attack, a ransomware attack, and an instance of PHI exposure lasting two years. Click to read entire article.

Saint Thomas Health Data Breach from Misplaced Documents

Recent potential health data breaches include an instance of misplaced documents, a ransomware attack, and an online error resulting in document delivery to the wrong medical facility. Click to read entire article.

MANUFACTURING
—BUSINESS INTERRUPTION—
Cyber attack hits Hobart Cadbury factory

A global cyber attack has hit chocolate company Cadbury’s factory in Claremont, Tasmania. It’s the first place in Australia known to be affected by the ransomware attack which has hit companies including Mondelez International, the owner of the Cadbury factory. The Australian Manufacturing Workers’ Union’s Tasmanian secretary John Short says production stopped about 9.30pm on Tuesday after computers stopped working at the factory. Click to read entire article.

FINANCIAL SERVICES
Hacker steals $7.4 million in ethereum during CoinDash ICO launch

The hack took only a few minutes but allowed the criminal to escape with millions in investor funds. Click to read entire article.

Dow Jones victim of data breach

The financial firm says the personal information of more than two million customers has been exposed because of the breach, including subscribers to the Wall Street Journal. Click to read entire article.

VENDOR-CAUSED BREACH
Verizon partner data breach exposes millions of customer records

Millions of Verizon customers have had their records exposed, ZDNet reported earlier today. Verizon confirmed that 6 million records were compromised by Nice Systems, a Verizon partner that facilitates customer service calls. The records, which held logs from residential customers who had called Verizon customer service in the past six months, were accessed via an unprotected Amazon S3 storage server controlled by an employee of Nice Systems. Click to read entire article.

RETAIL
Wilshire Law Firm Files Lawsuit Against Brooks Brothers For Retail Data Breach

The complaint alleges that Brooks Brothers violated California constitutional laws and California unfair competition laws; breached implied contracts, and acted negligently, when the company failed to safeguard and protect its customers’ information from threat of being lost, stolen, misused, and/or disclosed to unauthorized parties. Click to read entire article.

Up to 1.6 million at risk in workplace food vendor data breach

Avanti Markets, which provides food kiosks often found in company breakrooms, fell victim to a data breach that may have impacted up to 1.6 million people. The Tukwila, Washington-based company said the incident affected employees’ payment card information, email addresses and possibly their saved biometric authentication data. Click to read entire article.

HIGHER EDUCATION
BYU financial service shutdown result of security breach?

BYU had yet to release the cause of Y-Expense’s shutdown as of Monday, July 3, and the university did not issue a timetable for it coming back online. The Y-Expense reporting system has been inaccessible since June 20. Those attempting to access the system continue to be met with a message that reports Y-Expense is temporarily down for maintenance. Click to read entire article.

PII of 1 million compromised in Washington State University safe heist

Letters from Washington State University (WSU) have begun to arrive in the mail boxes of approximately 1 million individuals whose personal identifiable information was compromised when a safe which contained a backup hard drive was stolen. Click to read entire article.

REAL ESTATE
Data breach hits California Assn. of Realtors subsidiary

Los Angeles subsidiary of the California Assn. of Realtors has suffered a data breach that may have exposed the personal information of up to 1,033 individuals who made purchases through its website. Click to read entire article.

INTERNET OF THINGS (IoT)
A smart fish tank left a casino vulnerable to hackers

Most people know about phishing — but one casino recently learned about the dangers of actual fish tanks. Hackers attempted to steal data from a North American casino through a fish tank connected to the internet, according to a report from security firm Darktrace. Click to read entire article.

PUBLIC ENTITY
Pennsylvania endured 90 billion attempted cyber intrusions in 2017: Report

Hackers tried to breach Pennsylvania government computers over 90 billion times in 2016, a state official said Tuesday, highlighting the scope of the cybersecurity risks at hand across the country as concerns linger surrounding hacking’s role in last year’s U.S. election. Click to read entire article.

Texas Association of School Boards Data Breach Exposes Teachers’ Social Security Numbers

The Victoria school district was one of many districts affected by a data breach through the Texas Association of School Boards. The association learned recently that personal information of employees became inadvertently visible to the public on the internet, according to a June 21 news release. Click to read entire article.

Clearfield County CYS notifies residents about security breach

The Clearfield County Children and Youth Family Services office is notifying residents about a security breach. In a notice dated on June 30, the county run agency told residents that links to a small number of files were shown online in March and April. The data breach included dates of birth and social security numbers. Click to read entire article.

FBI: More than 200,000 records breached in Wooster area

The FBI is warning of a government computer data breach that involves more than 200,000 records containing confidential personal information of residents in the Wooster, Ashland, and Orrville areas. Click to read entire article.

CYBER/BREACH SETTLEMENTS
Settling Ashley Madison Data Breach Lawsuit Was Likely ‘Inevitable’

Experts say that the settlement, announced for $11.2 million earlier this month, made sense for all parties involved. Click to read entire article.

CYBER RISK STUDIES
Average Cost Per Record of US Data Breach in Ed: $245

According to Ponemon’s “2017 Cost of Data Breach Study,” the average total organizational cost across all segments, not just education, is $7.35 million, up almost five percent over last year’s $7 million. Click to read entire article.

CANADA
Settlement of Walmart Canada Photo Centre Data Breach Lawsuits – Lessons Learned

Canadian class action lawsuits over the Walmart Canada Photo Centre data breach were settled in May 2017. The lawsuits and settlement provide useful lessons for Canadian organizations that collect and process sensitive customer information. Click to read entire article.

EUROPE / UK
Thousands of customers ‘at risk’ following Virgin Media hack

VIRGIN Media is advising more than 800,000 customers with a specific router to change their password immediately after an investigation found hackers could gain access to it. Click to read entire article.

Major data breach involving “thousands” of AA Shop customers revealed

More than 100,000 AA customers are understood to be affected by a serious data breach involving the motoring company’s online shop. Click to read entire article.

ASIA/PACIFIC
Canberra reviewing online Medicare lookup after data breach

Insider with a login, rather than an outsider with a hack, seems culprit for darkweb privacy panic. Click to read entire article.

Vic taxpayers hit by data breach

A data breach at Victoria’s major tax collection agency has led to 4400 overdue notices being sent to the wrong people. Click to read entire article.

Experts rush to Mumbai port after cyber attack

The ministry of shipping said National Cyber Security Coordinator Gulshan Rai was rushed to Mumbai to assist the company. Click to read entire article.

DoT to seek detail over data breach from Reliance Jio: Telecom Secy

The Department of Telecom will soon seek details of alleged subscriber data breach of Reliance Jio, a top official said today. “They (company) have not come to us but we will seek details from them,” Telecom Secretary Arun Sundararajan said. Click to read entire article.

RBI makes online payments safer, customer won’t lose money if bank’s security system is faulty

The Reserve Bank of India on Thursday said bank customers who are victims of fraudulent or unauthorised electronic transactions will not bear any loss if the transaction is due to a fault in the bank’s security system, or a third-party breach. Click to read entire article.

Regards,
Mark Greisiger
NetDiligence®
Cyber Risk Readiness & Response