We bring to your attention a sampling of recent media stories involving cyber risk & privacy liability. Among the stories we’re highlighting this month: Barracuda Networks Inc. sued for a client data breach, a major warning from the FBI about attacks targeting the U.S. Healthcare system just as nationwide cases of COVID-19 are spiking, a group of marijuana growers hit in a major data breach, and more.
Cyber Insurance Outlook
The global cyber insurance market is expected to reach a value of $70,671.9 million by 2030, from $5,573.2 million in 2019. Click to read entire article
Cybersecurity Tech
Zoll Medical Sues Security Co. Over Major 2018 Data Breach
Medical device maker Zoll Medical Corp. hit Barracuda Networks Inc. with a suit in Massachusetts federal court Friday, alleging the California-based information technology security company failed to put in place adequate safeguards to prevent a 2018 data breach that exposed the confidential information of more than 277,000 patients. Click to read entire article
Ransomware Corner
Updates on 5 hospital cyberattacks:
– Sky Lakes Medical Center in Klamath Falls, Ore.
– St. Lawrence Health System in Upstate New York a
– Sonoma (Calif.) Valley Hospital
Alamance Skin Center reports cyber attack breach
A Cone Health medical practice has been hit by a ransomware cyberattack. The Greensboro-based health system announced this week that on Oct. 21, Alamance Skin Center in Burlington was the victim of a phishing scam or brute force attack used to gain access to the system. Click to read entire article
Thousands of personal information stolen in last month’s ransomware attack on Guilford Technical Community College
The data breach impacted 43,000 students and staff at Guilford Technical Community College in September. Click to read entire article
Healthcare
(Major Warning Alert! Log in to your eRiskHub for a memo from FBI InfraGard)
FBI warns ransomware assault threatens US healthcare system
Federal agencies warned that cybercriminals are unleashing a wave of data-scrambling extortion attempts against the U.S. healthcare system designed to lock up hospital information systems, which could hurt patient care just as nationwide cases of COVID-19 are spiking. Click to read entire article
28 States Resolve CHS Data Breach Investigation for $5M
Late last month, a coalition of 28 attorneys general announced a $5 million multistate settlement with Tennessee-based Community Health Systems, Inc. (CHS), stemming from the 2014 data breach that involved the personal information of 6.1 million Americans. Click to read entire article
(Vendor Caused/Blackbaud)
Healthcare system: 23,000 people affected by data breach
A healthcare system based in Virginia said its third-party vendor experienced a data security breach earlier this year that affected more than 23,000 patients, donors and employees of the system. Click to read entire article
Data breach affecting 12,600 patients reported at Beaufort hospital. What happened?
Over 12,600 patients were affected by a data breach at Beaufort Memorial Hospital in early August, the hospital confirmed Wednesday. BMH began to notify 12,636 patients in early August of an error related to billing and collections notices mailed out on Aug. 1 after discovering the issue two days later. Click to read entire article
Wakefern, ShopRite Pay New Jersey $235K for Fraud Act, HIPAA Violations
The New Jersey Division of Consumer Affairs and NJ Attorney General Gurbir Grewal announced a settlement with Wakefern Food Corp and two associated ShopRite supermarkets to resolve violations of the NJ Consumer Fraud Act and HIPAA, stemming from improper records disposal. Click to read entire article
Triple Data Breach Earns Insurer $1m Fine
An American insurance company has been fined $1m over three data breaches that occurred over a six-month period in 2017. Aetna agreed to the fine and to the adoption of a corrective action plan to settle potential violations of the Health Insurance Portability and Accountability Act (HIPAA) Privacy and Security Rules. Click to read entire article
Medical Marijuana
Millions of marijuana growers hit in major data breach
An online community of marijuana growers has suffered a major data breach after two related apps were made accessible online without administrative passwords Click to read entire article
Financial Sector
Financial institutions can sue Sonic as a class over data breach, judge rules
An Ohio federal judge has certified a class of financial institutions in a lawsuit over Sonic Corp’s 2017 data breach that exposed customers’ payment card data from 325 of the fast-food chain’s drive-in locations. Click to read entire article
Fraudulent Charges Appearing On Bank Of America EDD Debit Cards Of 350,000 Unemployed Californians
Something very scary is happening to thousands of unemployed Californians who receive their government benefits through a Bank of America debit card – their accounts are getting drained by fraudsters. Click to read entire article
Public Entities
City Fined $202,400 or Health Data Breach
Four years after a data breach that compromised the personal information of hundreds of New Haveners with sexually transmitted diseases, the city has agreed to pay a $202,400 fine (approx. $340 per record) and clean up its act. The city has struck that agreement with the U.S. Department of Health and Human Services’ Office of Civil Rights. Click to read entire article
CT’s Dept. of Social Services investigates possible data breach
The state’s Dept. of Social Services said it is investigating a possible data breach that could have impacted about 37,000 clients. Click to read entire article
K-12 Schools
Muscatine school district alerts parents about a possible student data breach
The cybersecurity incident may have resulted in the exposure of personal information processed through them, such as name, Social Security number, Medicaid ID number, billing or claims information, date of birth, medical record number, and more. Click to read entire article
Canada
Montreal Metro Hacker Demands $2.8m Ransom
A malicious hacker that attacked Montreal’s transit agency with malware has demanded a ransom of US $2.8m to restore normal network operations. Click to read entire article
Home Depot Canada exposes private customer data following systems error
The Home Depot Inc. in Canada has suffered a data leak after sending customer information to other Home Depot customers. Click to read entire article
EU/UK
Data Breach Hits 1 Million Swedes After Insurance Firm Error
One of Sweden’s largest private insurers says it inadvertently allowed some of the world’s biggest tech companies to gain access to private data in a breach that affected up to 1 million clients. Folksam Group, which oversees about $50 billion in insurance assets, said it shared client data with Facebook, Google, Microsoft, LinkedIn and Adobe, according to a statement on Tuesday. Click to read entire article
ICO lowers Marriott data breach fine to £18.4 million
The regulator had proposed to impose a £99 million fine on the hotel chain last year Click to read entire article
Gunnebo data breach: Blueprints of bank vaults, security systems leaked online
Blueprints of bank vaults, security systems leaked online Click to read entire article
Asia Pacific
Fintech Cermati data breach points to urgency for data protection law: Experts Click to read entire article
Alibaba’s Lazada Suffers Data Breach Involving 1.1M Users Click to read entire article