AT&T Inc. announced in a July 12, 2024, SEC filing that hackers stole a cache of six months’ worth of mobile phone customer data, illegally downloading the records from a workspace account at the cloud-service provider...more
Change Healthcare Cyberattack -
On February 21, 2024, Change Healthcare—a healthcare technology company owned by UnitedHealth Group—issued a statement that it had been impacted by a ransomware attack. According to Change...more
Large companies holding sensitive data – including financial services, telecommunications, business process outsourcing, hospitality, and cryptocurrency firms – as well as their IT helpdesks, are increasingly being targeted...more
11/28/2023
/ Cyber Attacks ,
Cybersecurity ,
Cybersecurity Information Sharing Act (CISA) ,
Data Breach ,
Data Collection ,
FBI ,
NIST ,
Popular ,
Publicly-Traded Companies ,
Ransomware ,
Reporting Requirements ,
Securities and Exchange Commission (SEC) ,
Sensitive Business Information
On May 23, 2023, CISA, the Federal Bureau of Investigation (FBI), the National Security Agency (NSA), and the Multi-State Information Sharing and Analysis Center (MS-ISAC) published an updated version of the #StopRansomware...more
The Massachusetts State Police Commonwealth Fusion Center (CFC) believes that cyber actors may use the current bank failures for future phishing and business email compromise (BEC) attacks. Cyber actors often use current...more
5/9/2023
/ Banking Sector ,
Business E-Mail Compromise (BEC) ,
Cyber Attacks ,
Cyber Crimes ,
Cybersecurity ,
Data Breach ,
Data Security ,
Email ,
Financial Services Industry ,
Hackers ,
Phishing Scams
With the adoption of new technology, including the quick and unexpected shift to virtual learning because of the COVID-19 pandemic, K-12 institutions are at an increased risk of cyberattacks and threats thereof. The rise in...more
If you aren’t following the ransomware attack on Kaseya’s VSA product and approximately 800-1500 of its users, you should be. Like many cyberattacks, this one came on the verge of a holiday weekend. As the company itself...more
On May 27, 2021, the Department of Homeland Security’s Transportation Security Administration (TSA) announced a Security Directive that will enable DHS to better identify, protect against, and respond to threats to critical...more
6/1/2021
/ Critical Infrastructure Sectors ,
Cyber Attacks ,
Cyber Crimes ,
Cybersecurity ,
Cybersecurity Information Sharing Act (CISA) ,
Data Breach ,
Department of Homeland Security (DHS) ,
Hackers ,
Pipelines ,
Popular ,
TSA
On May 12, 2021, President Biden signed an Executive Order which is aimed at improving the nation’s cybersecurity and protecting federal government networks. The Executive Order has been in the works for some time, but the...more
5/13/2021
/ Biden Administration ,
Critical Infrastructure Sectors ,
Cyber Attacks ,
Cybersecurity ,
Department of Homeland Security (DHS) ,
Emergency Response ,
Executive Orders ,
Hackers ,
National Security ,
Oil & Gas ,
Pipelines ,
Popular ,
Ransomware ,
Supply Chain ,
Threat Management
By now, you have heard about the SolarWinds Orion hack. But what do you need to know about it?
First, if you want or need the technical details, the Cybersecurity and Infrastructure Security Agency (CISA) has them. In...more
On October 28, 2020, a joint cybersecurity advisory was coauthored by the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the Department of Health and Human Services...more
On October 1, 2020, the U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) released an advisory regarding potential sanctions risks related to facilitating ransomware payments...
OFAC is the federal...more
10/16/2020
/ Cyber Attacks ,
Cyber Threats ,
Cybersecurity ,
Data Breach ,
FCPA Guidance ,
Hackers ,
International Emergency Economic Powers Act (IEEPA) ,
Malware ,
Office of Foreign Assets Control (OFAC) ,
Popular ,
Ransomware ,
Risk Factors ,
Sanctions ,
SDN List ,
TWEA
With apologies to John Donne, ask not for whom the bells tolls, HIPAA business associates, it tolls for thee! While it has been the law for some time that business associates could be held directly liable for breaches,...more
9/28/2020
/ Cyber Attacks ,
Cybersecurity ,
Data Breach ,
Electronic Medical Records ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Breach ,
HIPAA Security Rule ,
OCR ,
Personally Identifiable Information ,
PHI ,
Settlement Agreements
On January 4, 2020, the US Department of Homeland Security posted at National Terrorism Advisory System Bulletin, in the wake of the killing of a senior Iranian military leader by a US drone. That DHS advisory states:
The...more
1/6/2020
/ Cyber Attacks ,
Cyber Crimes ,
Cyber Threats ,
Cybersecurity ,
Data Breach ,
Foreign Relations ,
Hackers ,
Iran ,
National Security ,
Phishing Scams ,
State Sponsors of Terrorism ,
Terrorist Threats
Happy New Year! While you are making (and soon breaking) your resolutions, here’s another lifestyle change to consider for 2019: putting your car fob in foil at night before you go to sleep. Why? Because the fob’s signal...more
In a recent decision from the District of Massachusetts, the alleged perpetrator of cyber-attacks against Wayside Youth and Family Support Network and Boston Children’s Hospital (“BCH”) failed in his attempt to assert a novel...more
Partner Colin Zick was recently invited to speak to the Union College Computer Science Department’s Seminar Series. His presentation addressed the difficulties in implementing encryption in the workplace, the challenges to...more
As most are aware, the Massachusetts Attorney General has won the race to the courthouse and been the first regulator to file suit against Equifax....more
As we previously said, the Equifax breach affects approximately 143 million Americans. While the hackers stole data that includes addresses, birth dates, full names and Social Security numbers, there are steps you can take...more
Me and 143 million of my closest friends may have had our personal information inappropriately accessed through a breach at Equifax–is there no safe haven anywhere? Deferring that question for another day, here are the...more
First, the basic facts about the recent ransomware attack:
..US-CERT has received multiple reports of WannaCry ransomware infections in several countries around the world.
..Ransomware is a type of malicious software that...more
This month’s edition of the Advanced Cyber Security Center’s newletter includes my discussion of lessons to be learned from the Wyndham decision:
Historically, security was an issue reserved in a back room for the IT...more
10/1/2015
/ Cyber Attacks ,
Cyber Threats ,
Cybersecurity ,
Data Breach ,
Data Collection ,
Data Privacy ,
Data Protection ,
Data Security ,
Federal Trade Commission (FTC) ,
FTC v Wyndham ,
Hackers ,
Identity Theft ,
Personally Identifiable Information ,
Privacy Policy ,
Securities and Exchange Commission (SEC) ,
Unfair or Deceptive Trade Practices
Obama Executive Order Targets International Cyberattacks Against U.S. with New Sanctions -
New Sanctions Are Part of U.S. Escalation of Efforts to Bolster Cyber-Security:
As part of a series of measures aimed at...more
Last week, the HHS Office of Inspector General released a damning report on FDA’s data security: “The objective of this review was to determine whether the FDA’s network and external Web applications were vulnerable to...more