We bring to your attention a sampling of recent media stories involving cyber risk & privacy liability. This month we’re highlighting a $14M ransom and $6M settlement in the healthcare sector, more ransomware attacks on public entities, the expanding scope of the Desjardins data breach, and the largest GDPR fine to-date. Don’t miss the items in ORANGE below.
More than 100 nursing homes were left vulnerable, without entry to patient medical records, after their data provider experienced a breach — an example of a threat that could become more widespread in an industry not known for technological advancement. Click to read entire article.
A major Dallas-based data center operator says it is working to restore service to six of its customers after a ransomware attack, which primarily affected customers hosted at the company’s New York data center. Click to read entire article.
New Orleans Mayor LaToya Cantrell declared a state of emergency Friday after the city was hit by a cyberattack. …While ransomware was detected, no ransom has been demanded in the cyberattack, Cantrell said. Click to read entire article.
City officials have confirmed that the ongoing cyberattack against the city of Pensacola is a ransomware attack, but declined to release any additional information, including details about any potential demands. Click to read entire article.
The Secret Service is investigating after MSAD 6 became the victim of a ransomware attack, according to district officials. MSAD 6 officials say sensitive employee information was hacked around Nov. 30, and a piece of ransomware was installed on a server. Click to read entire article.
A ransomware attack completely wiped the patron database of The Shakespeare Theatre of New Jersey in Madison, which caused it to cancel Wednesday night’s performance of Charles Dickens’ “A Christmas Carol,” the theater announced. Click to read entire article.
There’s a road in my town that’s widely regarded as a speed trap. …I think of this road when I hear people say they don’t buy cyber insurance because “everyone knows” cyber claims don’t get paid. Click to read entire article.
Network Solutions encrypts the credit card details stored on their site, meaning that no financial information was compromised. However, personal information such as names, addresses, phone numbers, email address, and information about the services that were provided to the named account holder are still valuable to cybercriminals. Click to read entire article.
Unauthorized access of a server used to process payments for a San Bernardino County, Calif., water utility may have exposed some customers’ billing information to theft, authorities disclosed last week. Click to read entire article.
The Leesport, Pa., Borough Tax Collector has issued an alert via email to residents, advising them to put their bank accounts on hold after learning that the collector’s computer system has been hacked. Click to read entire article.
The class action lawsuit was filed in August 2016 on behalf of close to 3 million individuals affected by the data breach. Hackers initially attacked Banner’s network through its payment processing system at food and beverage outlets, then ultimately gained access to servers that contained patient data. Click to read entire article.
One of the 130,000 patients who may have been affected by a data breach at Kalispell (Mont.) Regional Healthcare filed a lawsuit Nov. 25 against the health system… Click to read entire article.
An audit of the electronic health records system at Nebraska Medicine in October enabled the organization to discover a data breach earlier than it would otherwise. Click to read entire article.
In November, Solara notified more than 114,000 patients of a cybersecurity incident. The devicemaker said that in June it discovered an unauthorized third-party had gained access to employees’ emails. The unauthorized person had access to the email accounts between April 2 to June 20. Click to read entire article.
A joint investigation by cybersecurity firm Comparitech and security researcher Bob Diachenko revealed that a database of more than 2.7 billion email addresses exposed online, allowing anyone to access identity information. It also stated that around one billion of those records contained a plain-text password list related to exposed email addresses. Click to read entire article.
Don’t expect a note with hand-cut magazine letters when your enterprise network is taken hostage. You’ll know when the entire business shuts down, when panic unfolds as no one can access systems for needed operations, and when a nameless threat actor on the opposite side of the world starts demanding large sums of money in Bitcoin in exchange for your decrypted data. Click to read entire article.
Desjardins Group says the former employee suspected of orchestrating a massive data breach also had access to the personal information of a further 1.8-million credit card holders. Click to read entire article.
$11 Million Fine for Authentication Shortcomings at Telecommunications Provider
One of the largest fines to date for violating the EU’s General Data Protection Regulation has been announced by Germany’s federal privacy watchdog. Click to read entire article.
Data Privacy Exposure Could Lead To Millions In Fines
British music streaming service Mixcloud admitted this month that data from more than 20 million users was compromised in a data breach. Click to read entire article.
The details of millions of Iranian bank cards were published online after antigovernment protests last month. Experts suspect a state-sponsored cyberattack. Click to read entire article.
Centennial Lawyers filed a class action in the Supreme Court of NSW on 20 November 2017 on behalf of all NSW Ambulance 130 employees and contractors whose sensitive health and personal information was inadvertently accessed between 14 January 2013 and 1 February 2013. Click to read entire article.