CommonSpirit was negligent in failing to protect sensitive health data, resulting in a compromise affecting at least 623,000 patients and perhaps many more, allege plaintiffs in two proposed class action lawsuits filed against the Chicago-based hospital chain after a 2022 ransomware attack.
Rackspace says the ransomware-wielding attackers who disrupted its hosted Microsoft Exchange Server environment last month wielded a zero-day exploit, described by CrowdStrike as being "a previously undisclosed exploit method for Exchange," to gain remote, direct access to servers it hosted.
The Bahamas Securities Commission seized digital assets worth $3.5 billion from local firm FTX Digital Markets. The regulator says the funds were at risk of "imminent dissipation" due to hack attacks and will temporarily remain under its exclusive control, stored in secure digital wallets.
California hospital operator Scripps Health has agreed to pay $3.57 million in "minimum cash settlements" of $100 per victim, plus some additional types of expenses, to settle a class-action lawsuit filed by victims of a 2021 data breach perpetrated by ransomware-wielding attackers.
Global Cyber Alliance CEO Philip Reitinger shares updates on the alliance's Internet Integrity and Capacity & Resilience programs, which tackle key challenges of internet infrastructure, privacy and safety. Success is measured by the number of partners and "who is using the platform," he says.
As FTX's bankruptcy proceedings continue, customers of the cryptocurrency exchange have filed a lawsuit against its former leadership, contending that they violated "customer agreements" and that customers' missing assets should be prioritized over all claims filed by creditors.
As the U.S. government's probe of bankrupted cryptocurrency exchange FTX continues, two executives have pleaded guilty to multiple charges, while founder Sam Bankman-Fried waived his extradition rights in the Bahamas and was transferred by the FBI to New York, where he appeared before a judge.
Karl Sebastian Greenwood, a dual citizen of Sweden and the United Kingdom, pleaded guilty in U.S. federal court to his role in selling the purported multibillion-dollar cryptocurrency pyramid OneCoin that netted $4 billion. He now faces sentencing.
In October, former Uber CSO Joe Sullivan was convicted of covering up a 2016 data breach. The trial likely marked the first time a chief security officer had faced criminal charges over incident response. Attorney Jonathan Armstrong says, "This trend is going to be difficult to put back in the box."
Hosted services company Rackspace is warning customers about the increasing risk of phishing attacks following a ransomware attack causing ongoing outages to its hosted Exchange environment. The Texas-based firm also is now facing a class action lawsuit.
The Conservative U.K. government said it will propose updates to the country's main cybersecurity regulation, including a requirement for the private sector to reimburse the public sector for enforcement activities. The government downplayed concerns that it could create perverse incentives.
A British judge ordered cryptocurrency trading platforms to divulge the identities of account holders accused of holding funds stolen from an English digital assets exchange. A change in civil procedure makes it easier for English judges to subpoena foreign entities in cases of financial fraud.
Healthcare providers and their vendors often fear federal regulatory action, but do fines and corrective action many any difference at all? As breach cases have nearly doubled since 2018, federal fines dropped 93% in 2022, and some say the agency is understaffed and crippled by legal challenges.
An Indiana healthcare network, Community Health Network, is the latest medical entity to classify its use of online tracking code as a data breach reportable to federal regulators. It said the unauthorized access/disclosure breach affected 1.5 million individuals.