In an interesting case from Indiana, a court recently ruled that language in the insurer’s “quotes” for coverage in a crime policy led the insured to believe that losses for computer hacking would be covered under the policy if the insured purchased coverage. The case, Metal Pro Roofing, LLC v. Cincinnati Insurance Company, 2019 WL … Continue Reading
Many readers have reached out to learn about the Capital One data breach and how it affects us. If you haven’t been watching the story unfold as closely as I have, here is a summary of what happened, what information was included, and what to do about it. Capital One announced on July 29 that … Continue Reading
As readers of this blog know, data breaches in the health care industry are all too common. Healthcare organizations are an attractive target for hackers because of the nature and amount of personal information that they possess. Therefore, it is perhaps not surprising that healthcare organizations have the highest costs associated with data breaches. They … Continue Reading
As reported today by Help Net Security, hackers are targeting Microsoft Office365 administrators in a new phishing campaign that can obtain and confirm credentials in real time. According to the article the attack begins with a fake Office365 notification where all the links in the message link back to fake Office365 sites at the windows.net … Continue Reading
Security researchers have warned municipalities repeatedly about how they are being targeted with ransomware, that they are at high risk, and the need to make data security a high priority. Municipalities are unfortunately only taking heed now that recent ransomware campaigns are in the news and bringing some municipalities to their knees [view related posts … Continue Reading
Earlier this month, a federal grand jury returned an indictment charging a Chinese national and another individual as part of an extremely sophisticated hacking group operating in China that targeted large businesses in the United States, including health insurer Anthem. The indictment stemmed from an investigation by the FBI in which Anthem cooperated, earning praise … Continue Reading
In the top three of the list of highly sensitive personal data to be concerned about is our medical information. It’s so sensitive because it is so personal. It used to be that our medical information was located in paper charts at our doctor’s office, the hospital, the pharmacy and our health insurer. Now it’s … Continue Reading
WhatsApp, the popular instant messaging app announced a hack and the exposure of a security flaw this week. The flaw injected malware onto users’ phones, potentially exposing their otherwise encrypted data and messages. WhatsApp allows users to instant message and make phone calls throughout the world. The app features described on its website include simple, … Continue Reading
I was with a bunch of CFOs this week talking about cybersecurity and I told them how easy it is for hackers these days. They can infiltrate a company’s system by compromising an O365 account that doesn’t have multi-factor authentication, and according to a Ponemon study, are in the company’s system for over 200 days. … Continue Reading
I try to keep my spam filter on the most restrictive setting, which has dramatically decreased the amount of spam I receive in my email box every day. But every once in a while, I receive an email that makes my gut twitch and my eyebrows raise. I got one today from a well-known bank, … Continue Reading
I came across an article last week that indicated there was a successful attack on Microsoft’s Office 365 and Google’s G Suite environments that was able to bypass multi-factor authentication (MFA). However, after reading the article it was immediately clear the attack leveraged an old protocol, IMAP (Internet Message Access Protocol), which does not support … Continue Reading
So this week’s blog article takes a page from my very own “smart” home devices. Monday morning at about 3:42 a.m. our entire household woke up because every “smart” lightbulb in the house came on at the same time! It was a bit distressing and once we got up and shut off all the lights, … Continue Reading
Cities and towns continue to be a profitable target for successful ransomware attacks. As we previously reported [view related posts], the list of cities and towns getting hit with ransomware attacks continues to grow. Last week, Jackson County, Georgia admitted that it paid hackers $400,000 to obtain access to its information that was locked down … Continue Reading
Players of the popular Fortnite video game have filed a proposed class action suit against the video game’s owner, Epic Games Inc. (“Epic”) alleging that Epic failed to protect players’ accounts, allowing hackers access to their payment details in a 2018 data breach. According to the suit, the players gave Epic their payment information in … Continue Reading
Community Health System, located in Tennessee, has agreed to settle claims made against it arising from a 2014 data breach for $4.5 million. The data breach, believed to be caused by Chinese hackers, compromised the names, dates of birth, addresses, telephone numbers, and Social Security numbers of 4.5 million patients of the hospital system, which … Continue Reading
The scammers continue to find easy ways to dupe unsuspecting businesses into sending information or money to them. It used to be that we had to address vast fraud schemes with phishing emails requesting the W-2s of employees. That is child’s play now as most companies are aware of the scheme and don’t fall victim … Continue Reading
The bane of data security is the patch. The patch is what your IT guys are doing in the background to fix vulnerabilities in software that are known to the manufacturers, and to attempt to fix the vulnerability before hackers can exploit it. Patching is a very important part of a security plan, but the … Continue Reading
Atrium Health and its vendor, AccuDoc Solutions, released a joint announcement this week that AccuDoc’s database of 2.6 million billing records of Atrium Health’s patients has been compromised by a hacking incident. The information contained in the database included patient names, addresses, dates of birth, health insurance information, account balances, dates of service and some … Continue Reading
Phishing attacks continue to hit health care providers and experts say the attacks will become even more frequent in 2019. As previously reported, the largest breach of health care information was recently settled by Anthem, which involved almost 80 million individuals’ information, all caused by a phishing email sent to one individual at Anthem [view … Continue Reading
According to reports by WhoWhatWhy and the Associated Press, five security experts have confirmed a private citizen’s allegation that the Georgia Online Voter Database contains a major security flaw and is vulnerable to hackers. According to one of the experts from the University of Michigan, anyone with access to an individual voter’s personal information could … Continue Reading
The U.S. Patent and Trademark Office (USPTO) announced last week that it has discovered that unauthorized users have attempted to hack into its online trademark system to attempt to make unauthorized changes to active trademark applications and registrations. They have also tried to register marks owned by others on third-party brand registries. According to USPTO, … Continue Reading
Many companies are migrating their email systems to Microsoft Office 365 (O365). The majority of security incidents in which we have been engaged in over the past six months involve a hacker successfully phishing an employee of the company (most of the time someone who is an executive in the company) and then spoofing the … Continue Reading
As we previously noted, Facebook originally announced a breach late last month, in which hackers took advantage of a code vulnerability in the website’s “View As” feature, to access user’s data. However, on October 12, 2018, Facebook stepped back the number of affected accounts from 50 to roughly 30 million, and it acknowledged that hackers … Continue Reading
Facebook announced late last week that it had suffered the largest breach in its history with 50 million accounts were compromised, and another 40 million accounts affected. Yes, that equals 90 million accounts. If you use Facebook and were locked out of your account over the weekend, your account was most likely affected. The 50 … Continue Reading
