Hitachi Energy joined the ranks of victims hit by the Clop ransomware group, which has exploited a zero-day vulnerability in Fortra's widely used managed file transfer software, GoAnywhere MFT. Clop claimed responsibility for the hack, which compromised networks used by 130 different organizations.
Federal agents arrested the alleged administrator of the criminal underground forum BreachForums, tracing him to a small town in New York's Hudson Valley. FBI agents say Conor Brian Fitzpatrick, a resident of Peekskill, confessed to being "Pompompurin."
In the latest weekly update, ISMG editors discuss how the Silicon Valley Bank crash will affect innovation in the cybersecurity space, why the SEC fined cloud provider Blackbaud $3 million for its "erroneous" breach details, and why the feds fined a web hosting firm in a kids' insurance site hack.
Emergency medical device provider Zoll Medical Corp. is notifying more than 1 million individuals, including employees, as well as patients and former patients who used its LifeVest wearable cardioverter defibrillator, of a hacking incident that compromised their personal information.
A provider of online mental health services is notifying nearly 3.2 million people that the company used website tracking tools to share sensitive patient information with third parties including Facebook, Google and TikTok - without the individuals' consent.
President Joe Biden's budget request for fiscal 2024 includes a big proposed boost for the federal office charged with enforcing privacy and security within the healthcare industry. The proposal asks for $78 million in appropriations for the Office of Civil Rights.
In this week's roundup: an incident affecting News Corp and ransomware at Dish Network, Washington's Pierce Transit and the U.S. Marshals Service. Also: a DDoS attack on Danish hospitals from a threat actor that isn't what it claims and a bit of good news about a ransomware decryptor.
High street retailer WH Smith reports that it suffered a hack attack that led to the exposure of current and former employees' personal data, but no exposure of customer data or website disruption. It's the latest big British business in recent months to suffer a data breach or ransomware attack.
Five proposed class action lawsuits have been filed so far in the wake of a California medical group's Feb. 1 report of a ransomware attack last December affecting more than 3.3 million individuals. The incident is the largest health data breach reported to federal regulators so far this year.
Lehigh Valley Health Network, which operates 13 hospitals and numerous physician practices and clinics in eastern Pennsylvania, says it has been hit with an attack by Russian-based ransomware-as-a-service group BlackCat. The network says it didn't pay a ransom and operations were not disrupted.
Two recent separate hacking incidents involving attackers stealing copies of sensitive protected health information have affected more than 1 million patients of a New Jersey healthcare system and an Alabama cardiovascular clinic. Victims get free credit monitoring and identity restoration services.
In the wake of recent cyberthreats aimed at Australia's critical infrastructure, the country has adopted a new risk management program to strengthen its resilience and security in these key sectors. The new rules will help businesses prepare for, prevent and mitigate emerging threats.
Ireland's child and family agency, Tusla, says it is beginning a months-long process to notify 20,000 individuals that their personal information was exposed in the May 2021 ransomware attack against the Health Service Executive, which formerly managed Tusla's IT systems.
In the latest weekly update, ISMG editors discuss the ESXiArgs ransomware campaign that has snared 2,800 victims, the data breach reported in an SEC filing by a multistate hospital chain, and Check Point's building of SD-WAN capabilities that are integrated with the company's network security stack.
The Play ransomware group listed networking hardware manufacturer A10 Networks on its leak site after briefly gaining access to the company's IT infrastructure, according to data breach notifications firm BetterCyber. The Play group says it has confidential data, technical documentation and more.