Archives: Cybersecurity

Subscribe to Cybersecurity RSS Feed

Connecticut Insurance Department Issues Bulletin on Data Security Requirements

We previously outlined the requirements of the Connecticut data breach law when it was amended in 2015, including the requirement to implement a comprehensive information security program (CISP). The law requires that Third Party Administrators (TPAs) and Pharmacy Benefit Managers (PBMs) must implement a CISP by October 1, 2017, and certify to the Connecticut Insurance … Continue Reading

Siemens Medical Equipment Vulnerable to Cyber-Attacks

The Department of Homeland Security and Siemens Healthineers has identified cybervulnerabilities in the Windows 7-based versions of Siemens PET/CT systems, SPECT systems, SPECT/CT Systems and SPECT Workplaces/Symbia.net and have issued a warning concerning the vulnerabilities. Although Siemens is working on updates for the affected diagnostic imaging systems, it is recommending that customers operate the systems … Continue Reading

Nevada Implements Law that Requires Notice for Collection of Personal Information

Nevada has become the third state in the Union to adopt a law that requires operators of websites and online services to provide notice to consumers who are Nevada residents of their practices around the collection and sharing of personal information, including consumers’ names, address, email address, telephone number, Social Security number or an identifier … Continue Reading

Hackers Could Target Airports, Planes, Satellites, Ships, Cars, and Trains

Cybersecurity for critical infrastructure continues to be of concern, including the transportation sector. A new study by ABI Research concludes that although the transportation sector continues to increase spending on cybersecurity year over year, the rapid digitization of airports, aircraft, trains, ships, and cars puts this sector at risk. The study mentions that poor cybersecurity … Continue Reading

Students 16 and Over: Check Out CyberStart!

Students 16 and over who live in Virginia, Michigan, Iowa, Hawaii, Nevada, Delaware and Rhode Island—you may be eligible to participate in a new cybersecurity skills program called CyberStart. You have to have access to the Internet and a computer to participate. CyberStart is “a forward-thinking skills program designed to supply specialist cyber security education … Continue Reading

Connecticut Releases Cybersecurity Strategy

On July 10, 2017, Connecticut Governor Dannel P. Malloy released Connecticut Cybersecurity Strategy, that outlines seven key principles to assist with strengthening efforts to protect the state’s cybersecurity defenses for individuals, organizations, governmental agencies and businesses in Connecticut. The seven principles set forth in the Strategy document include: Leadership Literacy Preparation Response Recovery Communication and Verification … Continue Reading

FBI Issues Warning about Internet-Connected Toys

We previously reported about the microphone and video capabilities of Echo technology [view related post]. The FBI is also concerned about this technology being used in toys that are connected to the Internet. The FBI is so concerned that yesterday, it issued a Public Service Announcement that warns consumers that Internet-connected toys “could present privacy … Continue Reading

Authorities Investigating Cyber Intrusion of Numerous U.S. Nuclear Power Plants

It’s scary to think about, but anything that is online is hackable. Including critical infrastructure like nuclear power plants. It has been reported that U.S. authorities are investigating a cyber intrusion that has hit numerous nuclear power generation sites in the past few months. The attack has been named “Nuclear 17.” Although details of the … Continue Reading

Office of the National Coordinator Issues Guidance After NotPetya Attack

Following the most recent ransomware attack, known as NotPetya, (among other nicknames), many health care entities were victims of the ransomware, which prompted the Office of the National Coordinator (ONC) to issue guidance to assist health care entities in the aftermath. In two separate warnings/updates, ONC provides guidance to health care entities on what to … Continue Reading

Princeton Community Hospital Replaces Computer Network After Petya Attack

Numerous hospitals were victims to last week’s (aka NotPetya) ransomware attack. But one hospital—Princeton Community Hospital in West Virginia–has admitted that it is going to replace its entire computer network after Petya froze its electronic medical record making it unable to treat patients. They could not restore the electronic medical record, could not pay the … Continue Reading

Southern Oregon University Victim of Phishing Scheme

Last month, Southern Oregon University (SOU) announced that it was the victim of a $1.9 million phishing scheme. SOU received an email purportedly from their contractor, Anderson Construction, requesting the April payment for construction on the McNeal Pavilion and Student Recreation Center. An employee then sent funds to a bank account that the contractor did … Continue Reading

AICPA Releases Cybersecurity Risk Management Reporting Fact Sheet for CPAs Without a Key Recommendation

The American Institute of CPAs (AICPA), has released a risk management reporting framework that is intended to “establish a common, underlying language for Cybersecurity risk management reporting—almost akin to US GAAP or IFRS for financial reporting.” According to AICPA, the framework may be used by both management and CPAs to “enhance cybersecurity risk management reporting … Continue Reading

OneLogin Suffers and Notifies Customers of very Sophisticated and Scary Intrusion

San Francisco based OneLogin, which provides single sign on and identity management services for companies and app vendors, recently notified its users that it has discovered an unauthorized access to its data. The idea behind OneLogin is for a user to have one username and password that it can use through OneLogin’s platform for all … Continue Reading

Pacemakers at Risk for Remote Tampering

A new study by WhiteScope concludes that pacemakers from four manufacturers contain security weaknesses that expose them to remote tampering. Pacemakers run on radio frequency and health care providers can adjust them to assist patients with heart abnormalities without having to undergo surgery. However, according to the study, the programmers who are adjusting the pacemakers … Continue Reading
LexBlog