FALL

2020

Cyber Risk News

We bring to your attention a sampling of recent media stories involving cyber risk & privacy liability. This month we’re highlighting a $14M ransom and $6M settlement in the healthcare sector, more ransomware attacks on public entities, the expanding scope of the Desjardins data breach, and the largest GDPR fine to-date. Don’t miss the items in ORANGE below.

THE RANSOMWARE CORNER
Skilled Nursing Data Breach with $14M Ransom Illustrates Industry’s Cybersecurity Problems

More than 100 nursing homes were left vulnerable, without entry to patient medical records, after their data provider experienced a breach — an example of a threat that could become more widespread in an industry not known for technological advancement. Click to read entire article.

Major Dallas Data Center Discloses New Ransomware Attack

A major Dallas-based data center operator says it is working to restore service to six of its customers after a ransomware attack, which primarily affected customers hosted at the company’s New York data center. Click to read entire article.

New Orleans mayor declares state of emergency in wake of city cyberattack

New Orleans Mayor LaToya Cantrell declared a state of emergency Friday after the city was hit by a cyberattack. …While ransomware was detected, no ransom has been demanded in the cyberattack, Cantrell said. Click to read entire article.

Cyberattack against city of Pensacola is ransomware attack, officials confirm

City officials have confirmed that the ongoing cyberattack against the city of Pensacola is a ransomware attack, but declined to release any additional information, including details about any potential demands. Click to read entire article.

Maine school district victim of ransomware attack

The Secret Service is investigating after MSAD 6 became the victim of a ransomware attack, according to district officials. MSAD 6 officials say sensitive employee information was hacked around Nov. 30, and a piece of ransomware was installed on a server. Click to read entire article.

Shakespeare Theatre in Madison hit by ransomware attack, loses seating and patron database

A ransomware attack completely wiped the patron database of The Shakespeare Theatre of New Jersey in Madison, which caused it to cancel Wednesday night’s performance of Charles Dickens’ “A Christmas Carol,” the theater announced. Click to read entire article.

CYBER INSURANCE
Cyber Insurance Claims Get Paid; Why Do Many Believe They Don’t?

There’s a road in my town that’s widely regarded as a speed trap. …I think of this road when I hear people say they don’t buy cyber insurance because “everyone knows” cyber claims don’t get paid. Click to read entire article.

IT INFRASTRUCTURE
Domain Provider ‘Network Solutions’ Announces Data Breach

Network Solutions encrypts the credit card details stored on their site, meaning that no financial information was compromised. However, personal information such as names, addresses, phone numbers, email address, and information about the services that were provided to the named account holder are still valuable to cybercriminals. Click to read entire article.

PUBLIC ENTITY
Southern California Water District Grapples With Data Breach

Unauthorized access of a server used to process payments for a San Bernardino County, Calif., water utility may have exposed some customers’ billing information to theft, authorities disclosed last week. Click to read entire article.

Tax Collector Database in Pennsylvania Reports Breach

The Leesport, Pa., Borough Tax Collector has issued an alert via email to residents, advising them to put their bank accounts on hold after learning that the collector’s computer system has been hacked. Click to read entire article.

HEALTHCARE
—SETTLEMENT ALERT—
Banner Health agrees to $6M settlement to resolve 2016 data breach lawsuit

The class action lawsuit was filed in August 2016 on behalf of close to 3 million individuals affected by the data breach. Hackers initially attacked Banner’s network through its payment processing system at food and beverage outlets, then ultimately gained access to servers that contained patient data. Click to read entire article.

—LAWSUIT ALERT—
Patient sues Montana health system after November data breach, seeks class action

One of the 130,000 patients who may have been affected by a data breach at Kalispell (Mont.) Regional Healthcare filed a lawsuit Nov. 25 against the health system… Click to read entire article.

EHR audit at Nebraska Medicine reveals a data breach

An audit of the electronic health records system at Nebraska Medicine in October enabled the organization to discover a data breach earlier than it would otherwise. Click to read entire article.

—LAWSUIT ALERT—
Solara Medical Supplies hit with class-action lawsuit after data breach

In November, Solara notified more than 114,000 patients of a cybersecurity incident. The devicemaker said that in June it discovered an unauthorized third-party had gained access to employees’ emails. The unauthorized person had access to the email accounts between April 2 to June 20. Click to read entire article.

CYBER RISK RESEARCH
2.7 Billion Email Addresses Exposed Online

A joint investigation by cybersecurity firm Comparitech and security researcher Bob Diachenko revealed that a database of more than 2.7 billion email addresses exposed online, allowing anyone to access identity information. It also stated that around one billion of those records contained a plain-text password list related to exposed email addresses. Click to read entire article.

5 Ransomware Facts You Need to Know About

Don’t expect a note with hand-cut magazine letters when your enterprise network is taken hostage. You’ll know when the entire business shuts down, when panic unfolds as no one can access systems for needed operations, and when a nameless threat actor on the opposite side of the world starts demanding large sums of money in Bitcoin in exchange for your decrypted data. Click to read entire article.

CANADA
Potential scope of Desjardins data breach widens to include another 2 million credit card holders

Desjardins Group says the former employee suspected of orchestrating a massive data breach also had access to the personal information of a further 1.8-million credit card holders. Click to read entire article.

UK/EUROPE
GDPR Violation: German Privacy Regulator Fines 1&1 Telecom
$11 Million Fine for Authentication Shortcomings at Telecommunications Provider

One of the largest fines to date for violating the EU’s General Data Protection Regulation has been announced by Germany’s federal privacy watchdog. Click to read entire article.

Incident Of The Week: Mixcloud Data Breach Puts 20 Million Users at Risk
Data Privacy Exposure Could Lead To Millions In Fines

British music streaming service Mixcloud admitted this month that data from more than 20 million users was compromised in a data breach. Click to read entire article.

MIDDLE EAST
Iran Banks Burned, Then Customer Accounts Were Exposed Online

The details of millions of Iranian bank cards were published online after antigovernment protests last month. Experts suspect a state-sponsored cyberattack. Click to read entire article.

ASIA/PACIFIC
NSW Ambulance expected to settle data breach class action

Centennial Lawyers filed a class action in the Supreme Court of NSW on 20 November 2017 on behalf of all NSW Ambulance 130 employees and contractors whose sensitive health and personal information was inadvertently accessed between 14 January 2013 and 1 February 2013. Click to read entire article.


Vol. 215 – December 18, 2019

Download 2019 Cyber Claims Study

The annual NetDiligence® Cyber Claims Study uses actual cyber liability insurance reported claims to illuminate the real costs of incidents from an insurer’s perspective.

Download

FALL 2020

Register Today!

© 2020 NetDiligence All Rights Reserved.