We bring to your attention a sampling of recent media stories involving cyber risk & privacy liability. Among the stories we’re highlighting this month: Barracuda Networks Inc. sued for a client data breach, a major warning from the FBI about attacks targeting the U.S. Healthcare system just as nationwide cases of COVID-19 are spiking, a group of marijuana growers hit in a major data breach, and more.

Cyber Insurance Outlook

The global cyber insurance market is expected to reach a value of $70,671.9 million by 2030, from $5,573.2 million in 2019. Click to read entire article

Cybersecurity Tech

Zoll Medical Sues Security Co. Over Major 2018 Data Breach

Medical device maker Zoll Medical Corp. hit Barracuda Networks Inc. with a suit in Massachusetts federal court Friday, alleging the California-based information technology security company failed to put in place adequate safeguards to prevent a 2018 data breach that exposed the confidential information of more than 277,000 patients. Click to read entire article

Ransomware Corner

Updates on 5 hospital cyberattacks:

– Sky Lakes Medical Center in Klamath Falls, Ore.

– St. Lawrence Health System in Upstate New York a

– Sonoma (Calif.) Valley Hospital

Click to read entire article

Alamance Skin Center reports cyber attack breach

A Cone Health medical practice has been hit by a ransomware cyberattack. The Greensboro-based health system announced this week that on Oct. 21, Alamance Skin Center in Burlington was the victim of a phishing scam or brute force attack used to gain access to the system. Click to read entire article

Thousands of personal information stolen in last month’s ransomware attack on Guilford Technical Community College

The data breach impacted 43,000 students and staff at Guilford Technical Community College in September. Click to read entire article

Healthcare

(Major Warning Alert! Log in to your eRiskHub for a memo from FBI InfraGard)

FBI warns ransomware assault threatens US healthcare system

Federal agencies warned that cybercriminals are unleashing a wave of data-scrambling extortion attempts against the U.S. healthcare system designed to lock up hospital information systems, which could hurt patient care just as nationwide cases of COVID-19 are spiking. Click to read entire article

28 States Resolve CHS Data Breach Investigation for $5M

Late last month, a coalition of 28 attorneys general announced a $5 million multistate settlement with Tennessee-based Community Health Systems, Inc. (CHS), stemming from the 2014 data breach that involved the personal information of 6.1 million Americans. Click to read entire article

(Vendor Caused/Blackbaud)

Healthcare system: 23,000 people affected by data breach

A healthcare system based in Virginia said its third-party vendor experienced a data security breach earlier this year that affected more than 23,000 patients, donors and employees of the system. Click to read entire article

Data breach affecting 12,600 patients reported at Beaufort hospital. What happened?

Over 12,600 patients were affected by a data breach at Beaufort Memorial Hospital in early August, the hospital confirmed Wednesday. BMH began to notify 12,636 patients in early August of an error related to billing and collections notices mailed out on Aug. 1 after discovering the issue two days later. Click to read entire article

Wakefern, ShopRite Pay New Jersey $235K for Fraud Act, HIPAA Violations

The New Jersey Division of Consumer Affairs and NJ Attorney General Gurbir Grewal announced a settlement with Wakefern Food Corp and two associated ShopRite supermarkets to resolve violations of the NJ Consumer Fraud Act and HIPAA, stemming from improper records disposal. Click to read entire article

Triple Data Breach Earns Insurer $1m Fine

An American insurance company has been fined $1m over three data breaches that occurred over a six-month period in 2017. Aetna agreed to the fine and to the adoption of a corrective action plan to settle potential violations of the Health Insurance Portability and Accountability Act (HIPAA) Privacy and Security Rules. Click to read entire article

Medical Marijuana

Millions of marijuana growers hit in major data breach

An online community of marijuana growers has suffered a major data breach after two related apps were made accessible online without administrative passwords Click to read entire article

Financial Sector

Financial institutions can sue Sonic as a class over data breach, judge rules

An Ohio federal judge has certified a class of financial institutions in a lawsuit over Sonic Corp’s 2017 data breach that exposed customers’ payment card data from 325 of the fast-food chain’s drive-in locations. Click to read entire article

Fraudulent Charges Appearing On Bank Of America EDD Debit Cards Of 350,000 Unemployed Californians

Something very scary is happening to thousands of unemployed Californians who receive their government benefits through a Bank of America debit card – their accounts are getting drained by fraudsters. Click to read entire article

Public Entities

City Fined $202,400 or Health Data Breach

Four years after a data breach that compromised the personal information of hundreds of New Haveners with sexually transmitted diseases, the city has agreed to pay a $202,400 fine (approx. $340 per record) and clean up its act. The city has struck that agreement with the U.S. Department of Health and Human Services’ Office of Civil Rights. Click to read entire article

CT’s Dept. of Social Services investigates possible data breach

The state’s Dept. of Social Services said it is investigating a possible data breach that could have impacted about 37,000 clients. Click to read entire article

K-12 Schools

Muscatine school district alerts parents about a possible student data breach

The cybersecurity incident may have resulted in the exposure of personal information processed through them, such as name, Social Security number, Medicaid ID number, billing or claims information, date of birth, medical record number, and more. Click to read entire article

Canada

Montreal Metro Hacker Demands $2.8m Ransom

A malicious hacker that attacked Montreal’s transit agency with malware has demanded a ransom of US $2.8m to restore normal network operations. Click to read entire article

Home Depot Canada exposes private customer data following systems error

The Home Depot Inc. in Canada has suffered a data leak after sending customer information to other Home Depot customers. Click to read entire article

EU/UK

Data Breach Hits 1 Million Swedes After Insurance Firm Error

One of Sweden’s largest private insurers says it inadvertently allowed some of the world’s biggest tech companies to gain access to private data in a breach that affected up to 1 million clients. Folksam Group, which oversees about $50 billion in insurance assets, said it shared client data with Facebook, Google, Microsoft, LinkedIn and Adobe, according to a statement on Tuesday. Click to read entire article

ICO lowers Marriott data breach fine to £18.4 million

The regulator had proposed to impose a £99 million fine on the hotel chain last year Click to read entire article

Gunnebo data breach: Blueprints of bank vaults, security systems leaked online

Blueprints of bank vaults, security systems leaked online Click to read entire article

Asia Pacific

Fintech Cermati data breach points to urgency for data protection law: Experts Click to read entire article

Alibaba’s Lazada Suffers Data Breach Involving 1.1M Users Click to read entire article