Archives: Cybersecurity


Cyber Exposures Rise During Pandemic

Although it is logical that cyber-attacks have risen during the pandemic, and there is anecdotal evidence that it is occurring, including our own experience, an interesting new report was recently released by Allianz, which provides cyber-liability insurance products. According to the report, “While the COVID-19 outbreak cannot be said to be a direct cause of … Continue Reading

Baltimore County School District Hit with Ransomware Attack Right Before Thanksgiving

Baltimore County Public Schools shut down Monday and Tuesday following a ransomware attack that paralyzed the school system’s network last week right before Thanksgiving. According to the Baltimore Sun, officials described the event as a “catastrophic attack on our technology system.” The ransomware attack is reported to have hit the entire Baltimore County Public Schools’ … Continue Reading

Responding to Cyber-Attacks in the Utility and Energy Sectors

To assist utilities with assessing and responding to cyber risks, the Federal Energy Regulatory Commission (FERC) and the North American Electric Reliability Corporation (NERC) recently issued a report on best practices to respond to and recover from cybersecurity incidents in the utility industry. Like other industries, the utility industry is at high risk for cyber-attacks … Continue Reading

HHS Issues Update to Ransomware Threat Alert to Health Care Sector

The Department of Health and Human Services’ (HHS) Division of Critical Infrastructure Protection (CIP) issued a health care and public health sector notification this week entitled “Ransomware Activity Targeting the Healthcare and Public Health Sector (Update 2),” which was co-authored by the Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) … Continue Reading

Privacy Tip #260 — Don’t Fall for the Worrisome Termination Email Sent from Your Boss

Just as ending a relationship with an email or a text message is bad form, employers don’t usually terminate employees with an email. Nonetheless, since a message that appears to address a termination is so drastic and final, it is hard to resist opening it, if only to see if your severance is mentioned in … Continue Reading

Campari Hit with Ransomware Attack

Campari, the Italian drinks company, recently announced that it was hit with a cyber attack that encrypted its data and potentially exfiltrated some data. According to Campari, “We are still investigating the attack and…determining to what extent there has been any loss of confidentiality. At this stage, we cannot completely exclude that some personal and … Continue Reading

GEO Group Hit with Ransomware Attack

The GEO Group, Inc. (GEO), a publicly held company located in Boca Raton, Florida, announced on November 3, 2020, that it is beginning to notify individuals following a ransomware attack that “impacted a limited amount of personally identifiable information and protected health information for some inmates and residents contained on certain servers for a small … Continue Reading

Dealing with Two Schoolyard Bullies: Schools Are Forced to Contend with Cyber-attacks While Also Trying to Manage Covid-19 Crisis

Criminals are apparently not taking any time off during this pandemic, and in fact by all accounts have increased their attacks, particularly targeting entities whose attention is diverted to dealing with the fallout of the Covid-19 crisis. In particular, educational institutions across the country have faced a recent onslaught of ransomware attacks, often crippling an … Continue Reading

DHS Warns of North Korean Advanced Persistent Threat Group Kimsuky Tactics

The Department of Homeland Security Cybersecurity & Infrastructure Security Agency (CISA) this week issued Alert (AA20-301A) titled North Korean Advanced Persistent Threat Focus: Kimsuky warning U.S. businesses, and particularly those in the commercial sector, about tactics used by North Korean advanced persistent threat (APT) group Kimsuky. https://us-cert.cisa.gov/ncas/alerts/aa20-301a The Alert, co-authored by the Federal Bureau of … Continue Reading

Urgent Warning of Imminent Threat to Hospitals Issued by U.S. Government

On October 27, 2020, the FBI and the Department of Homeland Security (DHS) warned the health care industry about “an imminent cybercrime threat to U.S. hospitals and healthcare providers.” According to the warning, which was shared during a conference call, the government has received “credible information of an increased and imminent cybercrime threat to U.S. … Continue Reading

UK National Cyber Security Centre Issues Security Alert for SharePoint Vulnerability

The UK National Cyber Security Centre (NCSC) issued an alert on October 16, 2020, to raise awareness “of a new remote code execution vulnerability (CVE-2020-16952)”, which affects Microsoft’s SharePoint product. According to the alert, “successful exploitation of this vulnerability would allow an attacker to run arbitrary code and to carry out … Continue Reading

Ransomware Attack Affects Georgia County Election Administration System

Hall County, Georgia reported on October 7, 2020, that it was the victim of a ransomware attack that disrupted some of its systems, including email and telephone services in public buildings and the sheriff’s offices. Last week, the county indicated that in addition to telephone and email services, the ransomware attack also affected the county’s … Continue Reading

NSA Issues List of Vulnerabilities Used by Chinese Backed Hackers

The National Security Agency (NSA) issued a Cybersecurity Advisory on October 20, 2020, entitled “Chinese State-Sponsored Actors Exploit Publicly Known Vulnerabilities,” alerting IT professionals to 25 vulnerabilities that Chinese state-sponsored hackers are using against U.S. businesses that “can be exploited to gain initial access to victim networks using products that are directly accessible from the … Continue Reading

Patching Gets More and More Complicated but is Critical for Managing Risk

Patching vulnerabilities has always been challenging, but these days, it is getting more and more complicated as manufacturers try to stay abreast of zero-day vulnerabilities and issue patches as quickly as they can. Microsoft is well-known for its Patch Tuesday, which is a monthly roll-out of the patches for vulnerabilities it has become aware of … Continue Reading

U.S. Chamber of Commerce and FICO Release Security Guidelines on Telework During COVID-19

It is no secret that companies are experiencing an increase in security incidents following the transition from work in the office to work from home during the pandemic. There are a number of causes, including the difficulty of controlling the security of at-home technology equipment such as routers, printers, personal assistants and other IoT devices, … Continue Reading

Health Care Entities Continue to Get Hit by Ransomware: Universal Health Services Estimated to be Largest One in 2020

Health care entities continue to face a barrage of attacks from cyber criminals, and it is widely reported that the health care industry is getting hit more frequently than any other industry. Ransomware is the name of the game for these attackers in all industries, including health care. Unfortunately, what is being touted as one … Continue Reading

OFAC Issues Advisory on Sanctions for Facilitating Ransomware Payments

On October 1, 2020, the U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) issued an advisory “to highlight the sanctions risks associated with ransomware payments related to malicious cyber-enabled activities.” The advisory acknowledges that the incidents of ransomware attacks on U.S. companies have risen during the COVID-19 pandemic. Although the advisory does … Continue Reading

Tyler Technologies Victim of Cyber-Attack

As one of the largest information technology service providers to local governments, the cyber-attack on Tyler Technologies (Tyler) in Plano, Texas is a sobering reminder of how a cyber-attack on a third-party vendor can put government data at risk. According to reports, Tyler may have been the victim of a ransomware attack that disrupted its … Continue Reading

Athens Orthopedic Settles with OCR for $1.5M for Data Breach

The U.S. Department of Health and Human Services’ Office for Civil Rights (OCR) has announced that it has settled potential violations of HIPAA with Athens Orthopedic Clinic PA (Athens) for $1.5 million, following an investigation of a data breach that occurred in 2016. The data breach compromised the protected health information of 208,557 individuals when … Continue Reading

VA Alerting 46,000 Veterans of Compromise

The U.S. Department of Veterans Affairs Office of Management (VA) has announced that it is notifying approximately 46,000 veterans that their personal information was compromised when hackers were able to access an online application that allowed them to divert payments designated for community health care organizations that provide medical care to veterans to the hackers’ … Continue Reading