Canada’s Desjardins Settles Data Breach Lawsuit for $155M Highlights the risks posed by insider threats and lack of information segmentation. The cost of the settlement adds on to the costs the bank has already carried resolving the breach they discovered in 2019. The breach, which was publicly disclosed in June 2019, involved a “malicious” insider stealing and selling personal details for 4.2 million active customers of the...

Why that might not be a good thing for Nebraska. Based on a study of thousands of cases that it has worked, incident response firm Coveware has found that the number of firms paying a ransom has dropped from 85% in Q1 2019 to 46% in Q1 2022. When victims do pay a ransom, in Q1 2022, they paid an average of $211,529, down 34% from the previous quarter, Coveware found. It attributes this to fewer victims paying, attackers overall infecting...

Authorities Warn Healthcare, Public Health Sectors of Latest Concerns Federal authorities are warning the healthcare sector of potential threats involving Lapsus$, including those related to the extortion group’s recent hack of identity management vendor Okta. The Department of Health and Human Services’ Health Sector Cybersecurity Coordination Center, or HC3, in an advisory issued on April 7, warns of attack threats to the sector...

Declining Loss Ratios May Allow Insurance Premium Increases to Moderate in Late 2022 An improvement in loss ratios for cyber insurance providers in 2021 means the rapid rise in premiums might, at last, subside later this year. The loss ratio, simply insurer payouts versus premiums earned, declined for the first time since 2018 despite the frequency and severity of claims filed for cyberattacks increasing yet again in 2021. The improvement was...

The number of major health data breaches and the number of individuals posted to the HHS “Wall of Shame” so far in 2022 has surged in recent weeks as reports of large hacking incidents continue to flow into regulators. As of last week, the HIPAA Breach Reporting Tool website shows that 117 breaches affecting about 5.32 million people have been posted in 2022. That’s an increase of nearly 83% in the number of breaches posted on the HHS...

Ransomware has been on a dramatic upswing over the last couple of years. The proliferation of Ransomware As A Service (RAAS), the subsequent lowering of barriers for both criminal groups and state actors, as well as the payment of ransoms have helped drive this dramatic increase. According to the U.S. Cybersecurity and Infrastructure Security Agency (CISA), most ransomware attacks start through phishing, exploitation of remote desktop...

Memo to businesses: Ransomware attacks are worse than ever, and unless you prepare, don’t be surprised if you or your business is the next victim, warn government cybersecurity czars. Joint advisory cybersecurity authorities in the United States, Australia, and the United Kingdom observed a marked increase in sophisticated, high-impact ransomware incidents against critical infrastructure organizations globally throughout 2021. They expect...

Healthcare entities should implement a more “proactive preparedness” approach for protecting their electronic health record/electronic medical record systems. Federal regulators warn that these are an increasingly attractive target for cyberattacks and other breaches. The DHHS Health Sector Cybersecurity Coordination Center, in a threat brief issued Thursday, reinforced that EHRs/EMRs are profitable to cybercriminals. Largely due to...

The Ripple Effects that Extend Outward from a Breach According to the Verizon 2020 Data Breach report, 22% of all security incidents are perpetuated by insiders. In addition, the costs of insider breaches – caused either by human error or bad actors have – risen by 47% over the past two years. As an organization, a certain amount of trust is required to ensure that business runs smoothly. But, given the inherent risks involved, that trust...

Alert Comes as Health Entities Globally Continue Battling Cyberattacks, Fallout The U.S. Department of Health and Human Services has posted a warning to the healthcare sector about increasing threats involving Pysa ransomware and the cybercriminal gang Mespinoza — also known as Gold Burlap and Cyborg Spider — which operates the malware variant. In an alert, the DHHS Health Sector Cybersecurity Coordination Center, or HC3, warns that since 2018,...