General hospitals in New York State must now report cyber incidents to state regulators within 72 hours under new cybersecurity requirements that went into effect on Oct. 2. The hospitals have until next fall to comply with a long list of other security mandates, including appointing a CISO.
Ransom payments are typically tightly held secrets between cybercriminals and their victims, but the Australian government has introduced a cybersecurity bill in Parliament that would require larger businesses to report ransom payments to the government.
An Oklahoma county provider of medical, fire, police and other 911 emergency services is notifying 180,000 individuals that their health information may have been compromised in a recent ransomware attack. The incident affects patients receiving emergency medical care as far back as 2011.
A misconfigured web server and the exposure of sensitive information for nearly 600,000 prison inmates in 2022 will cost medical claims processing company CorrectCare $6.49 million to settle a consolidated proposed class action lawsuit, according to court records.
New voluntary ransomware guidance released during the International Counter Ransomware Initiative meeting this week calls for victims to report attacks to law enforcement on a more timely basis - and involve more advisers in deciding whether to pay a ransom.
A clinic in Hawaii is notifying 124,000 patients that their health data was potentially compromised in a May hack. LockBit 3.0 claims to have published the stolen records on its data leak site in June - months before global authorities this week disclosed a crackdown on the cybercrime gang.
California-based Graybill Medical Group physicians' practice says it's splitting up with its affiliate practice, Palomar Medical Group, which handles a variety of management services, because the firm allegedly provided an "inadequate" response to a cyberattack detected in May.
Healthcare organizations often face obstacles in sharing cybersecurity information. Phil Englert and Errol Weiss from Health-ISAC advocate for shifting the focus from legal risks to business risks, improving incident response and building resilience through collaboration and transparency.
A Louisiana-based ambulance company that provides emergency medical care services in four states is notifying nearly 3 million people that their sensitive health information was potentially stolen in a June hack. Ransomware gang Daixin claims to have published the data on its dark web leak site.
The Digital Operational Resilience Act aims to reshape the financial services industry by introducing strict cybersecurity standards. Financial institutions must comply with the new rules by Jan. 17, 2025, or face severe penalties, said Richard Breavington, head of cyber and tech insurance at RPC.
A vendor that provides information systems and transcription services to radiology practices is alerting 411,037 people of a hack discovered last December involving the theft of sensitive data. The firm already faces at least four proposed federal class action lawsuits related to the hack.
An Idaho-based medical center is notifying about 464,000 patients and employees that their sensitive information was potentially compromised in an attack detected in March. Ransomware group ThreeAM claims to have leaked on its dark web site 22-Gbytes of Kootenai Health's stolen data.
An Arizona-based technical school is notifying nearly 209,000 current and former students, parents and faculty that their personal, health and financial information was potentially compromised in a LockBit attack earlier this year. The ransomware hack is one of many hits in the education sector.
An Arkansas-based mental and behavioral health services provider is notifying more than 375,000 individuals of a data theft potentially compromising their sensitive personal and medical information. The organization already faces at least one proposed class action lawsuit in the wake of the breach.
Pharmaceutical maker Cencora - formerly AmerisourceBergen - in an updated filing this week told the U.S. Securities and Exchange Commission that a Feb. 21 cyberattack resulted in the theft of more data than previously reported - including personal and health information.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing inforisktoday.co.uk, you agree to our use of cookies.