Commentaries and Analyses

Healthcare Organizations Experience 279% Increase in Business Email Compromise in 2023

Mike Britton writes about data collected by Abnormal Security: According to Abnormal data, the healthcare industry is experiencing a 167% increase in advanced email attacks in 2023, which includes BEC, credential phishing, malware, and extortion. While the year isn’t over yet, this signals the need for more sophisticated security to protect patients, employees, and the...

‘Snatch’ Ransom Group Exposes Visitor IP Addresses

Brian Krebs reports: The victim shaming site operated by the Snatch ransomware group is leaking data about its true online location and internal operations, as well as the Internet addresses of its visitors, KrebsOnSecurity has found. The leaked data suggest that Snatch is one of several ransomware groups using paid ads on Google.com to trick people...

Data breaches put domestic abuse victims’ lives at risk, UK Information Commissioner warns

From the U.K. Information Commissioner’s Office: Warning comes after the ICO reprimands seven organisations in the past 14 months for data breaches affecting victims of domestic abuse. Most cases related to organisations inappropriately disclosing the victim’s home address to alleged perpetrators. Commissioner urges organisations to take responsibility for training their staff and putting appropriate...

Broomfield Skilled Nursing and Rehabilitation Center settles breach-related charges with Colorado Attorney General

Colorado Attorney General Phil Weiser recently announced a settlement with Broomfield Skilled Nursing and Rehabilitation Center, LLC stemming from a 2021 data breach. The following is the state’s press release: Sept. 22, 2023 (DENVER) – Attorney General Phil Weiser announced today a settlement with Broomfield Skilled Nursing and Rehabilitation Center, LLC., for failing to protect the...

New AtlasCross hackers use American Red Cross as phishing lure

It seems we are finding out about new groups on a daily basis recently.  Now Bill Toulas reports on another one: A new APT hacking group named ‘AtlasCross’ targets organizations with phishing lures impersonating the American Red Cross to deliver backdoor malware. Cybersecurity firm NSFocus identified two previously undocumented trojans, DangerAds and AtlasAgent, associated...

Emerging cybersecurity threats in healthcare | Special Report

Ron Southwick of Chief Healthcare Executive notes what a bad  year this has already been in terms of breaches in the healthcare sector, but notes things may even get worse: Even with those dire signs about the dangers of cyberattacks, experts warn that health systems will face new and emerging threats in the years...

ShadowSyndicate linked to 7 ransomware attacks in the past year

Kumar Hemant reports: ShadowSyndicate group (formerly known as Infra Storm) has been suspected of deploying seven different ransomware families in a series of attacks that have spanned the past year. Security researchers from Group-IB, working in conjunction with Bridewell and independent researcher Michael Koczwara, exposed the clandestine operations of the threat actor. Their findings...

Audits of New York schools and the State Education Department reveal ongoing significant concerns

In May, the NYS Comptroller’s Office released an audit conducted to determine if the New York State Education Department (SED) consistently follows all laws and regulations regarding the safety and privacy of students’ data, and whether SED is properly monitoring school districts to ensure they are complying with the legislation and regulations that govern...