Global Cyber News Digest

Daily News Digest

Stay current on the global cyber threat landscape and industry developments with CCOE’s daily digest and library of cybersecurity news and articles.

  • HIPAA Security Requirements: What They Really Mean

    • The University of Texas M.D. Anderson Cancer Center was having a hard time protecting patient electronic health information (ePHI).
    • After several security-related incidents, there was no evidence that any of the lost devices were used, or that the ePHI was accessed by anyone, but the state-run cancer center clearly failed to protect the data, and had failed to encrypt these records.
    • The Department of Health and Human Services investigated Anderson for violations of HIPAA and HITECH laws and regulations.
    • HHS imposed a fine of $4,348,000 USD against Anderson, and administrative and court appeals followed. On January 14, 2020, the United States Court of Appeals for the Fifth Circuit (which includes Texas) found that HHS's findings, specifically that the hospital had no “mechanism to encrypt” health records and that it improperly “disclosed” these records, were arbitrary and capricious, and reversed the fines.
    • The federal appeals court distinguished between a failure of encryption and a failure to have a mechanism to encrypt, noting that a company could have a bulletproof encryption procedure, and encrypt thousands of computers and millions of thumb drives, and still inadvertently fail to encrypt a few drives which would result in a security breach.
    • The court noted that the cancer center’s loss of data was due to “reasonable cause” and not “willful neglect” under 42 U.S.C. § 1320d-5(a)(1)(B).
    • There is an erroneous assumption that every data breach involving ePHI is a HIPAA violation, and that every “loss of control” of data is an improper disclosure of ePHI.
    • HHS needs to have the power to impose fines for true violations. Sometimes, these fines need to be severe and consequential. Mere failures of security – even when they have bad results – should result in orders to compensate the privacy victims, not necessarily pay off HHS. But willful, deliberate and repeated failures to do the basic things – even when no breach occurs – should permit HHS to bring down the hammer.
    - Mark Rasch | March 4, 2021
  • Are Businesses at Risk of Litigation in the Event of a Cybersecurity Breach?

    • A cybersecurity attack that results in a data breach exposes businesses to customer distrust and, potentially, litigation.
    • In October 2020, Wilmington Surgical Associates in North Carolina was victim to a ransomware attack carried out by the NetWalker cybercriminals that resulted in a 13 GB data breach.
    • Now, as of February 2021, Wilmington Surgical Associates is being sued for cybersecurity negligence. The breach carried out by the NetWalker group exposed highly sensitive data: patient names, birth dates, social security numbers, and health records. Patients have joined together in a class action lawsuit filed by Rhine Law Firm, which seeks to force the practice to strengthen its data security systems, submit to annual audits, and provide credit monitoring services.
    • In the aftermath of a cybersecurity breach, large or small, claimants with sufficient evidence can seek to hold the breached business responsible for the ensuing damage. Whether the attack resulted in huge quantities of personal data being revealed, as in the Wilmington Surgical Associates case, or was targeted at a single victim, as in the Abbott Laboratories case, businesses whose systems have suffered breaches may still be liable in court.
    • Each case is different and the damages incurred will always depend on the evidence presented.
    - Claire Hughes | March 4, 2021
  • Qualys Data Breach: Ransomware Gang Leaks Customer Invoices, Tax Documents

    • Cybersecurity company Qualys appears to have suffered a data breach after hackers exploited a zero-day flaw in its Accellion FTA server.
    • The company said on Wednesday that the security incident did not have any "operational impact," but "unauthorized access" had been obtained to an Accellion FTA server used by the company.
    • While Qualys hasn’t yet revealed any further details about the incident, Clop ransomware operators claimed to have stolen data from Qualys and shared screenshots of stolen files on its leak site as proof of the hack. The leaked data includes invoices, purchase orders, tax documents, and scan reports.
    • Qualys said it has “notified the limited number of customers impacted by this unauthorized access.”
    - Carly Page | March 4, 2021
  • Mitigate Microsoft Exchange On-Premises Product Vulnerabilities

    • CISA partners have observed active exploitation of vulnerabilities in Microsoft Exchange on-premises products. Neither the vulnerabilities nor the identified exploit activity is currently known to affect Microsoft 365 or Azure Cloud deployments. Successful exploitation of these vulnerabilities allows an attacker to access on-premises Exchange Servers, enabling them to gain persistent system access and control of an enterprise network.
    • CISA will continue to work with our partners to monitor for active exploitation associated with these vulnerabilities.
    • CISA will release additional indicators of compromise as they become available.
    • CISA will provide technical assistance to agencies without internal capabilities to comply with this directive.
    • CISA will provide additional guidance to agencies via the CISA website, through an emergency directive issuance coordination call, and through individual engagements upon request (via [email protected]).
    • By April 5, 2021, CISA will provide a report to the Secretary of Homeland Security and the Director of the Office of Management and Budget (OMB) identifying cross-agency status and outstanding issues.
    - CISA Emergency Directive 21-02 | March 3, 2021
  • Reasons Why the Security Industry is Protecting the Wrong Thing

    • They're called data breaches, not network breaches for a reason.
    • Looking back on some of the biggest data breaches the world has ever seen, it’s clear that cyber hackers always seem to be one step ahead of organisations that seemingly have sufficient protection and technology in place.
    • Current approaches mean it is simply not possible to implement the level of security that sensitive data demands as it is in transit without compromising network performance. Facing an either/or decision, companies have blindly followed the same old path of attempting to secure the network perimeter and hoping that they won’t suffer the same fate as so many before them.
    • Consider separating data security from the network through an encryption-based information assurance overlay. This means organisations can ensure that even when malicious actors enter the network, the data remains unattainable and unreadable, keeping the integrity, authentication and confidentiality of the data intact without impacting the overall performance of the underlying infrastructure.
    • Will this solution protect my data as it travels throughout the network? Will this technology enable data to be kept safe, even if hackers are able to infiltrate the network? Will this strategy ensure the business is compliant with regulations regarding data security, and that if a network breach does occur, the business won’t risk facing any fines? The answer to these questions must be yes in order for any CISO to trust that their data is safe and that their IT security policy is effective.
    - Paul German | March 3, 2021
  • Why Global Power Grids Are Still Vulnerable to Cyber Attacks

    • As utilities turn to sources of renewable energy and add millions of other components like smart meters, they’re rapidly multiplying the number of connections and sensors along their networks, widening the potential for intrusions.
    • Over the past four decades, power plants and substations have been moving from manual to automatic controls, and are increasingly being connected to public and private networks for remote access, leaving them exposed to attacks. Producers and distributors have also often been reluctant to spend on protecting themselves against low-probability attacks.
    • “Essential state infrastructures like power grids and nuclear reactors have been and will continue to be a target of cyber attacks because modernization allows internet connectivity, which makes them vulnerable,” said Kim Seungjoo, a professor at Korea University’s School of Cybersecurity. “It’s almost a natural instinct of hackers, especially the state-sponsored ones, to attack energy infrastructure because they can easily disrupt national security.”
    - David Stringer and Heesu Lee | March 3, 2021
  • Microsoft warns customers against new China cyber attack on exchange email

    • Microsoft has warned its customers against a new sophisticated nation-state cyber attack that has its origin in China and is primarily targeting on-premises 'Exchange Server' software of the tech giant.
    • Called "Hafnium," it operates from China and is attacking infectious disease researchers, law firms, higher education institutions, defence contractors, policy think tanks and NGOs in the US for the purpose of exfiltrating information.
    • The Microsoft Threat Intelligence Center (MSTIC) found that "Hafnium" would first gain access to an Exchange Server either with stolen passwords or by using the previously undiscovered vulnerabilities to disguise itself as someone who should have access.
    • The company has released security updates to protect customers running Exchange Server, and encourages all Exchange Server customers to apply these updates immediately.
    - March 3, 2021
  • We cannot allow China to dominate: US Lawmaker on India cyberattack report

    • A top American lawmaker on Monday urged the Biden administration to stand by India in view of the Chinese cyber attack on India's power grid system.
    • "The US must stand by our strategic partner and condemn China's dangerous cyber-attack on India's grid, which forced hospitals to go on generators in the midst of a pandemic," Congressman Frank Pallone said in a tweet on Monday.
    • "We cannot allow China to dominate the region through force and intimidation," tweeted Pallone, a day after Recorded Future, a Massachusetts-based company which studies the use of the internet by state actors, said Chinese government-linked group of hackers targeted India's critical power grid system through malware, amidst the tense border tension between the two nations.
    | March 2, 2021
    hak-iq.us20.list-manage.comMarch 2, 2021
  • National Security Agency unveils zero-trust security model guidance: 5 guidelines

    • The zero-trust security model is a coordinated system strategy that assumes breaches are inevitable or have already occurred.
    • Five guidelines for implementing the zero-trust model:
      1. The zero-trust system relies on network users to never trust any user, device or application and to always verify authenticity.
      2. Users should assume that the adversary already has a presence in the network.
      3. Apply security policies across all domains (mobile, LAN, WAN, etc.).
      4. Embrace multi-factor authentication for users to make stealing credentials more difficult.
      5. Incorporate zero-trust architecture incrementally in a strategic plan to avoid increased vulnerabilities during the transition.
    - Hannah Mitchell | March 2, 2021
  • Malaysia Airlines suffers data security 'incident' spanning nine years

    • The breach is purported to have occurred at some point during a period spanning almost a decade and involves a third-party IT service provider.
    • The airline had sent out an emailer to Enrich members this week, stating it was notified of a "data security incident" at the third-party IT supplier.
    • At press time, Malaysia Airlines had yet to make a public statement on the security breach or post a notice on its website. It did, however, appear to confirm the incident on Twitter in its replies to customers.
    • In one of several such responses, the national carrier said: "The data security incident occurred at our third-party IT service provider and not Malaysia Airlines' computer systems. However, the airline is monitoring any suspicious activity concerning its members' accounts and in constant contact with the affected IT service provider to secure Enrich members' data and investigate the incident's scope and causes."
    - Eileen Yu | March 2, 2021