A health insurance company in Washington state has been slapped with the second-largest ever HIPAA violation penalty. The Department of Health and Human Services’ Office for Civil Rights (OCR) has imposed a $6.85m penalty on Premera Blue Cross to resolve potential violations of the Health Insurance Portability and Accountability Act of 1996 (HIPAA). Premera Blue Cross is a

by Paul Ducklin Sadly, we’ve written many times before about RaaS, short for Ransomware-as-a-Service: That’s where the crooks who actually write the ransomware keep themselves out of the limelight by hiring in other crooks to identify victims, get into their networks, spread the malware and trigger the damage: The operators themselves then collect the ransom

A 13-year-old boy has been arrested in the United States after allegedly hacking into an Indiana school district’s computer system.  The unnamed teen was arrested after repeated cyber-attacks were launched against Valparaiso Community Schools.  School officials reported regular assaults on the district’s e-learning systems that disrupted instruction by causing students to become disconnected from their

A warning has been issued by America’s Cybersecurity and Infrastructure Security Agency (CISA) after a malicious cyber-actor compromised a United States federal agency.  The attacker used valid log-in credentials for multiple users’ Microsoft Office 365 accounts and domain administrator accounts to gain access to the agency’s enterprise network. Once inside, the bad actor infected the network with

A cyber-attack has struck a Texas company that provides software services to schools and state and local governments across the United States. Tyler Technologies notified customers on September 23 that its phone and computer systems had been compromised by a bad actor.  Since the incident, the website of the company has carried the message: “Our

by Paul Ducklin We saw it in a tweet. How about you? pic.twitter.com/aNYt07qKsI — DEY! (@RoninDey) September 24, 2020 If the reports are to be believed, someone has just leaked a mega-torrent (pun intended – allegedly some of the files have also been uploaded to Kiwi file-sharing service Mega) of Microsoft source code going all

New research published today by Kaspersky examines a rise in the number of cyber-attacks on industrial control system (ICS) computers used by the oil and gas industry. Over the first six months of 2020, the percentage of systems attacked in the oil and gas industry increased when compared to the same time period last year. The same trend was

by Paul Ducklin Aren’t SMSes dead? Aren’t they just plain old text anyway? Surely they’re of no interest to cybercriminals any more? Well, SMSes aren’t dead at all – they’re still widely used because of their simplicity and convenience. Indeed, as a general-purpose short message service – which is literally what the letters SMS stand

Cyber-criminals hoping to profit from the theft of Bruce Springsteen’s legal documents were left disappointed when an online auction of the data attracted no buyers. The singer’s documents were among a 756GB cache of data swiped from New York City law firm Grubman Shire Meiselas & Sacks in a cyber-attack carried out in May this year.  Other high-profile entertainers

A global sting operation targeting drug trafficking on the darknet has led to 179 arrests and the seizure of weapons, drugs, and millions of dollars in cash and virtual currencies. Operation DisrupTor was conducted across the United States and Europe and was a collaborative effort between the law enforcement and judicial authorities of Austria, Cyprus,

Hundreds of thousands of Minnesotans are receiving letters warning them that their data may have been exposed in the second-largest healthcare data breach in state history. The letters were sent to individuals who had donated to or been a patient of Allina Health hospitals and clinics or Children’s Minnesota, a two-hospital pediatric health system in

by Paul Ducklin We do a show on Facebook every week in our Naked Security Live video series, where we discuss one of the big security concerns of the week. We’d love you to join in if you can – just keep an eye on the @NakedSecurity Twitter feed or check our Facebook page on

Cybersecurity firm OneSpan has announced the appointment of Ajay Keni as its new chief technology officer (CTO). Keni will replace Benoit Grangé in the post, who will take up a new position as chief technology evangelist, in which he will “focus on sharing OneSpan’s technology vision and deep industry insights with customers, partners and the

The cybercrime gang Netwalker claims to have exfiltrated data from the College of the Nurses of Ontario in a ransomware attack. A screenshot of data allegedly swiped from the college was posted on Netwalker’s website, where the college’s name has been added to a growing list of the gang’s victims. In a sparsely detailed statement issued yesterday,