Archives: Cybersecurity

Manufacturing Sector Getting Hit with Cyber-Attacks: Portable Oxygen Device Manufacturer Notifies 30,000 Patients of Breach

Inogen, which manufactures portable oxygen devices, has alerted the Securities and Exchange Commission in a recent filing that it is notifying 30,000 individuals that their personal information was compromised when a hacker gained access to one of its employees’ email accounts through a phishing scheme. The incident illustrates how the manufacturing sector is continuing to … Continue Reading

HHS Warns Health Care Organizations About SamSam Ransomware

The health care industry continues to get hammered by SamSam ransomware attacks, to the point that the Department of Health and Human Services Healthcare Cybersecurity and Communications Integration Center (HCCIC) has issued a report outlining the danger of ongoing SamSam ransomware campaigns, with tips to help organizations detect and block SamSam. According to the report, … Continue Reading

Pipeline Companies Targeted by Cyber-Attacks

Reports show that U.S. energy companies reported more than 350 cybersecurity incidents to the U.S. Department of Homeland Security between 2011 and 2015. Pipeline companies are included in that statistic. Last week, Energy Transfer Partners (ETP) notified its oil and gas shippers that its pipeline network system was hacked. According to ETP, the hacking targeted … Continue Reading

Power Company Fined for Contractor Copying Data to its Own Insecure Network

Vendor management continues to be a problem for all industries, but some are scarier than others. The North American Electric Reliability Corp. (NERC) recently provided notice to the Federal Energy Regulatory Commission that an unidentified power company has reached a settlement with the Western Electricity Coordinating Council for $2.7 million to resolve two violations of … Continue Reading

Energy Sector: Hit Hard and Worried

One only needs to read the headlines to understand that critical infrastructure in the U.S., including the energy sector, is an obvious target for malicious actors. According to a new report by Marsh, entitled “Could Energy Industry Dynamics be Creating an Impending Cyber Storm?”, more than one in four respondents of a survey aimed at … Continue Reading

NIST Issues Energy Sector Asset Management Project

According to the National Institute of Standards and Technology (NIST), the energy sector relies on industrial control systems assets to “generate, transmit, and distribute power and to drill, produce, refine, and transport oil and natural gas.” These industrial control systems include supervisory control and data acquisition (SCADA) systems, distributed control systems, programmable logic controllers and … Continue Reading

The Report to the President for “Enhancing the Resilience of the Internet and Communications Ecosystem Against Botnets and Other Automated, Distributed Threats”

Back in January, a draft report from the U.S. Department of Commerce and the U.S. Department of Homeland Security was released to President Trump in order to address his May 11, 2017 Executive Order, which called for strengthening “Cybersecurity of federal Networks and Critical infrastructure”. The Departments approached this issue by “hosting a workshop, publishing … Continue Reading

Verizon Protected Health Information Data Breach Report Concludes that Insiders Are Greatest Threat to Health Care Entities

Verizon recently issued its Protected Health Information (PHI) Data Breach Report, which is always an interesting read. Not surprisingly, Verizon’s report concludes that based upon analysis of 1,360 security incidents involving the health care sector, 58 percent of the incidents were caused by insiders and 42 percent were caused by external threats. Insider threats can … Continue Reading

473,807 Patient Records Compromised in January, 2018—83 Percent Caused by Hacking Incidents

The recently released Protenus Healthcare Breach Barometer report notes that in January, 2018, at least 473,807 patient records were compromised in 37 breaches reported to the Office for Civil Rights. Twelve of the reported breaches were attributable to insiders, which was 32 percent of the data breaches reported in January. Seven of those incidents were … Continue Reading

Cybersecurity Task Force Launched in Arizona

Arizona Governor Doug Ducey launched the Arizona Cybersecurity Team (ACT) by Executive Order on March 1, 2018. The ACT, comprised of 22 members representing officials from the Executive Branch, including the state’s Chief Information Officer and Chief Information Security Officer, representatives from public safety, homeland security, emergency and military affairs, as well as members of … Continue Reading

FBI Issues New Warning to Businesses About Phishing Campaigns

In a recent Public Service Announcement dated February 21, 2018, entitled “Increase in W-2 Phishing Campaigns,” the Federal Bureau of Investigation (FBI) issued another alert about an increase in phishing campaigns since the beginning of 2018. According to the FBI, “IRS’s Online Fraud Detection & Prevention (OFDP), which monitors for suspected IRS-related phishing emails, observed … Continue Reading

New York Department of Financial Services Updates Cybersecurity Guidance: Coverage of Cybersecurity Requirements Addressed in 4 New FAQs

On March 1, 2018, the New York Department of Financial Services (NYDFS) “cybersecurity regulations” (23 NYCRR Part 500) took effect, placing a number of cybersecurity requirements on banks, insurance companies, and other financial services institutions and licensees regulated by the NYDFS (“Covered Entities”). To aid in compliance with the regulation, the NYDFS recently added new … Continue Reading

IoT Security Risks Widespread

According to bloggers on techtarget.com, security risks around IoT continue to be problematic, and a new free guide, “The Developer’s Guide to IoT,” has been published specifically for IoT device developers, which is a welcome contribution to the industry. The guide walks developers through ways “to meet the security, analytics and testing requirements for IoT … Continue Reading

New York Financial Services Cybersecurity Regulations Deadline Looming This Week

On March 1, 2018, the one-year transition period within which banks, insurance companies, and other financial services institutions and licensees regulated by the New York Department of Financial Services (“Covered Entities”) must have implemented a cybersecurity program ends. By March 1, the Covered Entities must be in compliance with the following requirements: 23 NYCRR … Continue Reading

U.S. Estimates that Cyber Hacks Cost Up to $109 Billion in 2016

The Council for Economic Advisors (CEA) issued a report this month, entitled “The Cost of Malicious Cyber Activity to the U.S. Economy,” which concludes that “malicious cyber activity cost the U.S. economy between $57 billion and $109 billion in 2016.” The Executive Summary further depressingly concludes: Malicious cyber activity directed at private and public entities … Continue Reading

DOJ Forms Cyber-Digital Task Force

The Department of Justice (DOJ) has announced that it is forming a Cyber-Digital Task Force that will combat global cyber threats. The Task Force will concentrate on gathering the methods that the DOJ uses to fight cyber threats and figure out ways law enforcement can combat the problem, starting with what efforts are being used … Continue Reading

SEC Updates Guidance on Public Companies’ Disclosure of Cyber-Attacks

The U.S. Securities and Exchange Commission (SEC) updated guidance to public companies this week on how and when they are to disclose cybersecurity risks and breaches. The SEC suggests that public companies should disclose potential weaknesses that have not been targeted by hackers. There has always been a tension between the SEC and public companies … Continue Reading

HaoBao Malware Hitting Banks Scans for Bitcoin Activity

Lazarus, the well-known hacking group responsible for the WannaCry ransomware attack from last year, as well as the attack on the Bangladesh Central Bank and Sony, is now targeting global financial firms and Bitcoin adopters with a phishing campaign dubbed “HaoBao.” The phishing campaign was discovered by McAfee Labs in mid-January. The way it works … Continue Reading

New York’s Landmark Cybersecurity Regulation Compliance Deadlines Looming

On February 15, 2018—that is, today—banks, insurance companies and other financial services institutions and licensees regulated by the New York Department of Financial Services (DFS) are required to file their first certification of compliance with DFS’s far reaching cybersecurity regulation (23 NYCRR Part 500) (the “Regulation”). The Regulation, which became effective on March 1, 2017, … Continue Reading

Cisco Warns of VPN Bug

Cisco is warning customers using its Adaptive Security Appliance (ASA) software about a VPN bug that “could allow an unauthenticated, remote attacker to cause a reload of the affected system or to remotely execute code” and “allow an attacker to take full control of the system.” Because the bug, known as CVE-2018-0101, is easy to … Continue Reading

Class Action Suit Filed Against Allscripts for Ransomware Attack

Allscripts Healthcare Solutions Inc. notified its electronic medical record customers last week that a ransomware attack was behind the disruption of service for medical providers. Allscripts became the victim of the ransomware “SamSam” on January 18 which shut down providers’ access to their electronic medical records. Allscripts was able to restore some access, but a … Continue Reading

Cyber-attacks are the Third Greatest Global Risk in 2018

A new report issued by the World Economic Forum (WEF), called “Global Risks Report 2018,” lists the threat of cyber-warfare and cyber-attacks affecting the public as the world’s third greatest threat in 2018, only behind natural disasters and extreme weather. The report notes that because of an increased global reliance on connected devices and the … Continue Reading