Resources

Morgan Stanley’s Hard Drive Destruction Investment Failure

Posted on November 22, 2022 in Banking, Blog

$155 Million in fines and settlements. While physical data breaches have declined substantially in the last 10 years, they still can happen without proper diligence. That lack of diligence and vendor oversight has led to a $35M fine for Morgan Stanley from the SEC and a class-action settlement of $60M over the same breach. This is in addition to a $60M fine from the Comptroller of the Currency in 2020. All for improperly decommissioning server hard drives. SEC investigators found that Morgan Stanley regularly relied on a moving and storage...

Latest US Health Data Breaches Continue Ransomware Trend

Posted on September 16, 2022 in Blog, Healthcare

Some 60 breaches affecting about 2.5 million individuals were added in July to the federal tally of major health data breaches. Those incidents continued a trend playing out in 2022: Large hacking incidents predominately involving ransomware attacks against providers, vendors, or both are responsible for an overwhelming amount of data theft. About 80% of the major breaches reported were related to hacking/IT incidents, and these breaches accounted for 97% of all affected individuals. “These trends indicate that this industry continues...

Scammers Piggyback on AWS to Phish Victims

Posted on September 16, 2022 in Banking, Blog

AWS Domains Used to Send Phishing Emails and Steal Credentials

Cybercriminals are using Amazon Web Services to create phishing pages that bypass security scanners and scam victims into handing over credentials. The scammers send targets what appears to be a standard password expiration email or other emails meant to create a sense of urgency. The emails come from legitimate AWS domains, but a closer look shows the inclusion of false nicknames, with the sender address and unrelated text in a foreign language. When users click on malicious...

NIST Adds Cybersecurity Guidance to HIPAA Security Rule

Posted on July 28, 2022 in Blog, Healthcare

New draft of federal cybersecurity guidance could help healthcare organizations avoid regulatory fines in the wake of breaches. Federal regulators are looking for the adoption of “recognized security practices,” when investigating the aftermath of a breach involving protected health information. In 2021, Congress told the Department of Health and Human Services to consider whether a medical center or business associate can show that it had “recognized security practices” in place for at least the previous 12 months when...

Four Legacy Security Vulnerabilities Still Posing Threats

Posted on July 28, 2022 in Banking, Blog

Cybersecurity, or the lack of it, is something that we all need to be concerned about. In no industry is that more readily apparent than the financial sector. As the threats continue to evolve, it’s important that we don’t forget about older threats that continue to pose serious risks to financial institutions. Ideally, all organizations would rapidly expunge known vulnerabilities from their networks, starting with the most severe bugs that pose the greatest risk. In reality, serious vulnerabilities never seem to die. In April, for example,...

Is Facebook a Business Associate?

Posted on July 28, 2022 in Blog, Healthcare

Depending on where you put its tracking pixel, it might be.

Lawsuit: Facebook Is Collecting Patient Data of ‘Millions’

Class Action Alleges Meta Pixel Code Tracks Websites, Patient Portal Interactions

A class action is alleging Facebook unlawfully collects patient data from the online portals of hundreds of medical providers without knowledge or consent. The lawsuit, filed Friday (June 17, 2022) by an anonymous “John Doe” plaintiff in the Northern District of California, alleges Facebook knowingly receives patient data...

One Malicious Insider Leads to $155M Settlement

Posted on July 28, 2022 in Banking, Blog

Canada’s Desjardins Settles Data Breach Lawsuit for $155M

Highlights the risks posed by insider threats and lack of information segmentation. The cost of the settlement adds on to the costs the bank has already carried resolving the breach they discovered in 2019. The breach, which was publicly disclosed in June 2019, involved a “malicious” insider stealing and selling personal details for 4.2 million active customers of the credit union group in addition to 1.8 million credit card holders from outside the member base over...

Ransomware payments are down.

Posted on May 27, 2022 in Banking, Blog, General, Healthcare

Why that might not be a good thing for Nebraska. Based on a study of thousands of cases that it has worked, incident response firm Coveware has found that the number of firms paying a ransom has dropped from 85% in Q1 2019 to 46% in Q1 2022. When victims do pay a ransom, in Q1 2022, they paid an average of $211,529, down 34% from the previous quarter, Coveware found. It attributes this to fewer victims paying, attackers overall infecting smaller organizations – given the law enforcement fallout they often face after hitting very large...

HHS HC3: Beware of Lapsus$, Email Marketing-Related Threats

Posted on May 27, 2022 in Blog, Healthcare

Authorities Warn Healthcare, Public Health Sectors of Latest Concerns

Federal authorities are warning the healthcare sector of potential threats involving Lapsus$, including those related to the extortion group’s recent hack of identity management vendor Okta. The Department of Health and Human Services’ Health Sector Cybersecurity Coordination Center, or HC3, in an advisory issued on April 7, warns of attack threats to the sector by Lapsus$.

Lapsus$ Threats

HC3 warns that hacking group Lapsus$ relies on “bribery and...

Premium Hikes and Vetting Decrease US Cyber Insurance Losses

Posted on May 27, 2022 in Banking, Blog

Declining Loss Ratios May Allow Insurance Premium Increases to Moderate in Late 2022

An improvement in loss ratios for cyber insurance providers in 2021 means the rapid rise in premiums might, at last, subside later this year. The loss ratio, simply insurer payouts versus premiums earned, declined for the first time since 2018 despite the frequency and severity of claims filed for cyberattacks increasing yet again in 2021. The improvement was due to steep premium hikes and a significant increase in vetting. The hope is that these factors...
