Class-action lawsuit filed following medical marijuana data breach

(Apr 19, 2019) A class-action lawsuit has been filed against Sunniva and Natural Health Services for an alleged breach of medical marijuana customers’ data, CTV Edmonton reports. The lawsuit claims 34,000 individuals may have been impacted by the breach. Diamond & Diamond Lawyers, the firm representing the victims, stated diagnostic results, health care numbers, medical data and questionnaires were among the compromised information. “We have been working with privacy protection and law enforcement authorit... Read More

Insurers citing war exemptions to avoid cyberattack claims

(Apr 17, 2019) Insurers have used war exemptions to avoid claims related to cyberattacks, The New York Times reports. Food company Mondelez International and pharmaceutical company Merck were both victims of the NotPetya incident in 2017. Both companies were told by insurers their claims would not be accepted as their losses were deemed collateral damage in a cyberwar. The insurers’ stance solidified after the U.S. government determined Russia was behind the cyberattack. Mondelez and Merck are both in the mids... Read More

DHS warns of potential enterprise VPN hacking

(Apr 15, 2019) The U.S. Department of Homeland Security's Cybersecurity and Infrastructure Security Agency has warned four enterprise virtual private network app providers of system vulnerabilities, Fortune reports. The agency and the CERT Coordination Center, a nonprofit internet emergency response team, issued an advisory to Cisco, Palo Alto Networks, Pulse Secure and F5 Networks regarding the incorrect storage of cookies by each VPN app, which hackers could use to access a person's private computer. Rather ... Read More

IBM study shows cybersecurity gaps, privacy focus

(Apr 12, 2019) IBM reports a number of privacy-related takeaways from "The 2019 Study on the Cyber Resilient Organization," the company's global survey of 3,600 security and IT professionals conducted by the Ponemon Institute. IBM's biggest observation from the survey was 77% of organizations do not have a companywide cybersecurity response plan, while 54% does not regularly test the plans that are in place. The survey went on to show 78% prioritizes a company's ability to keep data private, and only 20% trust... Read More

Study: Two-thirds of hotel websites leak customer data to third parties

(Apr 10, 2019) A study conducted by Symantec found two-thirds of hotel websites inadvertently leaked customers' personal information and booking numbers to third parties, Reuters reports. Symantec analyzed 1,500 hotel websites in 54 countries. Researchers found the leaks occurred when the hotel sends confirmation emails with links to direct booking information. Third parties, such as social media platforms, search engines and advertising services, receive the customer data via the reference code attached to th... Read More

Cybersecurity bills for insurers continue to pop up in US

(Apr 8, 2019) States around the U.S. have started to implement cybersecurity legislation for the insurance industry, Bloomberg Law reports. The bills have used a model law inspired by the New York Department of Financial Services’ cybersecurity regulation for financial services. South Carolina, Ohio and Michigan have enacted laws for insurers over the past year. New Hampshire, Connecticut and two other states have cybersecurity bills in their legislatures, while Gov. Phil Bryant, R-Miss., approved a measure o... Read More

House Republicans press FEMA for data breach details

(Apr 8, 2019) Republican members of the U.S. House Committee on Science, Space, and Technology have asked the Federal Emergency Management Agency to provide details of its data breach in which 2.5 million disaster survivors had their information exposed, Nextgov reports. In a letter to FEMA Administrator Pete Gaynor, the lawmakers have asked for “specific details” on the incident no later than April 18. “The privacy incident at FEMA is particularly concerning to the committee, as this sensitive information ca... Read More

Canadian Centre for Cyber Security offers cybersecurity guide for SMBs

(Apr 5, 2019) IT World Canada reports the Canadian Centre for Cyber Security released the "Baseline Cyber Security Controls for Small and Medium Businesses," which aims to help SMBs defend against cyberattacks. The guide offers recommendations for organizational and baseline controls, such as appointing a leader responsible for IT security, installing stronger user authentications, and implementing employee awareness training. “We felt there was a gap in the information available for small and medium organiza... Read More

Health professionals seek guidance from ONC on medical, IoT device risk

(Apr 4, 2019) After the U.S. Office of the National Coordinator for Health Information Technology proposed an information blocking rule in February, health care professionals are concerned increased interoperability could lead to privacy and security issues, HealthITSecurity reports. Health professionals seek guidelines to mitigate risks and secure hospital networks, particularly when securing internet-of-things devices, such as printers, smart beds, and clinical and medical devices. Medigate CEO and Co-Found... Read More

UK survey: Phishing attacks are toughest to handle

(Apr 4, 2019) The 2019 Cyber Security Breaches Survey ranks phishing scams as the U.K.'s most common cyberattack among businesses and charities, ZDNet reports. The government survey, which polled 637 businesses and 192 charities that endured attacks, also showed 49% of businesses and 63% of charities considered phishing as the most disruptive attack on their group. No other cyberattack exceeded 15% for either businesses or charities in the disruption poll. "Protection against these kinds of breaches or attack... Read More