IT Security & Privacy

In a recent data breach notification filed with Maine's attorney general, Norton Healthcare revealed that a ransomware attack in May exposed sensitive data on 2.5 million individuals. The Kentucky-based clinic and hospital group discovered the cyberattack on May 9, determining later that ransomware was involved. The threat actors gained access to some network storage devices between May 7 - 9, although the medical record system remained uncompromised.

Approximately 60 credit unions are grappling with service disruptions following a ransomware attack on Trellance, a third-party IT vendor catering to the industry, as reported by the National Credit Union Administration (NCUA) on Friday. Trellance subsidiaries, including Ongoing Operations and FedComp, have confirmed the cyber incident, with Ongoing Operations specifying a ransomware attack on November 26.

A recent ruling by the European Court of Justice (ECJ) in the case of German property company Deutsche Wohnen is expected to have far-reaching financial implications for organizations found in breach of the General Data Protection Regulation (GDPR). Legal experts have deemed the decision a "landmark" ruling, altering the landscape of GDPR enforcement.

The U.S. Department of Health and Human Services (HHS) has introduced a comprehensive cybersecurity strategy aimed at fortifying the resilience of the health care sector against the escalating threat of cyber-attacks. The concept paper, aligned with President Biden's National Cybersecurity Strategy, outlines four pivotal pillars for action with a focus on bolstering cybersecurity for hospitals, patients, and communities vulnerable to cyber threats.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has unveiled a crucial mitigation guide aimed at fortifying the cybersecurity defenses of the Healthcare and Public Health (HPH) Sector. The new guidance, a supplement to the HPH Cyber Risk Summary released on July 19, 2023, outlines strategic measures to combat pervasive cyber threats affecting the sector.

Rivers Casino in Des Plaines has disclosed a data breach that occurred in mid-August, highlighting the vulnerabilities that businesses, even in the entertainment and hospitality sector, face in the digital age.

The government of Maine recently disclosed that approximately 1.3 million residents fell victim to a massive data breach earlier this year, out of a population of 1.37 million. The breach, which occurred in May, was part of a widespread cyberattack that exploited a vulnerability in the widely used MOVEit file-transfer system, impacting not only Maine but also several U.S. federal agencies, including the Department of Energy and the Department of Health and Human Services (HHS).