Archives: Cybersecurity


HHS Office of the Assistant Secretary for Preparedness and Response Issues Series of Cybersecurity Updates in Response to WannaCry Attack

In response to the WannaCry ransomware attack that infiltrated the computer systems of health care systems and other entities worldwide on or around May 12, 2017 (previously discussed here), HHS’ Office of the Assistant Secretary for Preparedness and Response (ASPR) issued a series of updates to provide consumers and potentially affected organizations with information on … Continue Reading

Take-Aways from WannaCry

We have read multiple reports on WannaCry and if you are reading this and don’t know what WannaCry is, Google it for the background story. The clear message is this is not the last major attack we will see, and future attacks will only get more sophisticated. It is being estimated that the cost associated … Continue Reading

ABA Issues Opinion on Use of Email for Lawyers

On May 11, 2017, The American Bar Association (ABA) updated its 1999 opinion regarding lawyers’ use of email for communication. Although many state bar associations have issued opinions on electronic communications and the use of cloud computing services, the ABA has now provided clear guidance for lawyers on their ethical responsibilities of competence, confidentiality and … Continue Reading

NIST Releases Draft Cybersecurity Guidance for Wireless Infusion Pumps

The National Institute of Standards and Technology (NIST) announced this week that it has issued draft cybersecurity guidance for hospitals to consider when using infusion pumps, particularly since infusion pumps are no longer standalone devices and many are now wireless. This increases the risk of cybersecurity threats that could potentially compromise personal information if the … Continue Reading

FTC Launches Website to Help Small Businesses with Cyber-Attacks

The Federal Trade Commission (FTC) announced on May 9, 2017, that it has launched a new website that “helps small businesses avoid scams and cyber-attacks.” The website, www.ftc.gov/SmallBusiness.com, is filled with articles, videos and other information to help small businesses avoid scams and recover from a cyber-attack, as well as security tips to protect networks … Continue Reading

In the Privacy of Your Home

By now, it’s pretty common knowledge that Alexa has been on a dollhouse shopping spree, and is also helping to solve a murder. Clearly, Alexa cannot be trusted and that’s why she has only limited trigger words, including options such as “Alexa,” “Amazon,” “computer,” and “Echo.” When you speak those words, or other “wake words” … Continue Reading

New Mexico Enacts Data Breach Notification Law

Governor Susana Martinez recently signed into law the New Mexico “Data Breach Notification Act” (the Act), making New Mexico the 48th state (plus Puerto Rico and the District of Columbia) to adopt legislation mandating the provision of notice in the event of a data breach. The Act – which takes effect June 16, 2017 – … Continue Reading

4,229 Psychiatric Patients’ Records Hacked

Bangor Health Center, a psychiatric practice located in Bangor, Maine, has notified 4,229 patients that a hacker from Moldova has accessed their psychiatric records, including names, addresses, Social Security numbers, telephone numbers, diagnoses and doctors’ notes. The health center provides outpatient therapy to both children and adults for behavioral health conditions including substance use disorders, … Continue Reading

St. Jude Medical on Hot Seat for Cybersecurity Flaws in Home Monitoring System

The Food and Drug Administration (FDA) recently issued a warning letter to St. Jude Medical, alleging that it failed to properly investigate issues with the batteries in its defibrillator implants and failed to fix the cybersecurity of its in-home monitoring system, known as Merlin@home. The monitoring system is wireless and is connected to St. … Continue Reading

ACC Issues Data Security Guidelines for In-House Counsel to Evaluate Law Firms

The Association of Corporate Counsel (ACC) has issued its first-ever data security guidelines, which outline basic data security measures that in-house counsel can use to evaluate their outside counsel. Most companies these days are auditing their law firms’ data security measures, but since data breaches occurred at some of the largest U.S. based law firms … Continue Reading

SWIFT Shores Up Network Security With Real Time Cybersecurity Tools

In an effort to combat an increasing number of fraudulent transfers carried out using its network, SWIFT, the international bank transfer network, announced this month that it is adding new tools and controls designed to prevent fraudulent transfers in real time. SWIFT reported that the new tools integrate into the SWIFT system directly without the … Continue Reading

State of Colorado Proposes Financial Services Cybersecurity Requirements

Following in the footsteps of the State of New York, the Colorado Department of Regulatory Agencies has proposed amendments to the Colorado Securities Act to require investment advisers and broker-dealers to implement new cybersecurity requirements to ensure security of the information in their possession. As we have predicted before, this is probably just the beginning … Continue Reading

DOD U.S.-CERT Cybersecurity Incident Reporting for Defense Contractors Effective April 1, 2017

New U.S. Computer Emergency Readiness Team (U.S.-CERT) guidelines around incident reporting went into effect this week (April 1, 2017). The guidelines require all federal departments and agencies, state, local, tribal and territorial government entities, information sharing and analysis organizations and private-sector organizations to report any security incident impacting the confidentiality, integrity or availability of a federal … Continue Reading

FBI Warns Healthcare Industry about Vulnerability of FTP Servers

The FBI issued a Private Industry Alert on March 22, 2017, to health and dental providers entitled “Cyber Criminals Targeting FTP Servers to Compromise Protected Health Information” specifically warning health and dental providers about the security of FTP (file-transfer-protocol) servers. According to the Alert, “[T]he FBI is aware of criminal actors who are actively targeting … Continue Reading

Treasury Inspector General Slams IRS for Lack of Strategy Following 2015 Data Breach

In a scathing report published on March 27, 2017, the Treasury Inspector General for Tax Administration blasted the Internal Revenue Service (IRS) following its analysis of the IRS’ steps following a data breach in 2015 that resulted in the theft of over 330,000 documents that were used in the filing of fraudulent tax returns. According … Continue Reading

Smartphone Malware Up 400% in 2016

Here’s some more good news. Not really. According to a recent report by Nokia, malware infections against mobile devices were at an all-time high in 2016. Infections on smartphones rose almost 400 percent and represented 85 percent of all mobile device infections. The report notes “[F]rom these trends, it is clear that cybercrime is moving … Continue Reading

Federal Agencies Hit with 30,899 Cyberincidents in 2016

The Office of Management and Budget (OMB) released a report this week indicating that federal agencies experienced almost 31,000 cyberincidents in 2016. The Federal Deposit Insurance Corporation was responsible for 10 of 16 major incidents. These incidents resulted when personally identifiable information was able to be downloaded onto removable media. Despite the dismal number of … Continue Reading

Experts Warning of New Google Chrome Malware Scam

Cybersecurity experts have been warning users about a Google Chrome scam that targets Windows users in the US, UK, Canada and Australia. The scam, which began in December, uses a pop-up stating “The ‘HoeflerText’ font wasn’t found” and tells users to download an update, which is actually malware. The malware campaign started on December 10, … Continue Reading

Cloudflare Software Bug Causes Data Leak

Cloudflare, Inc., a provider of performance and security solutions for websites, recently disclosed that a software bug caused it to leak customer data that was then cached by search engines. Uber, Fitbit, and OkCupid sites may have been affected. While the leaked data is believed to contain private information, the extent of that information is … Continue Reading

NIST Issues Practice Guide for Electric Utilities

On February 16, 2017, the National Cybersecurity Center of Excellence released its draft practice guide for electric utilities, entitled “Situational Awareness for Electric Utilities.” The guide was developed to provide an example solution that can be used by electric utilities to alert staff to the potential for or an actual cyber-attack directed at the electric … Continue Reading

New York Financial Services Cybersecurity Regulations Go Into Effect on March 1

We have previously reported about the upcoming New York Financial Services Cybersecurity Regulations [view related posts here and here]. On February 16, 2017, Governor Andrew M. Cuomo announced that “the first-in-the-nation cybersecurity regulation to protect New York’s financial services industry and consumers from the ever-growing threat of cyber-attacks will take effect on March 1, … Continue Reading