Reading Room
President Biden Signs into Law the Cyber Incident Reporting Act, Imposing Reporting Requirements for Cyber Incidents and Ransomware Payments
National Law Review, March 18, 2022
On March 15, 2022, President Biden signed into law the 2022 Consolidated Appropriations Act containing the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (the “Cyber Incident Reporting Act”).
HHS: Health Sector Should Prepare for Russia-Ukraine Threats
Gov Info Security, March 18, 2022
Federal authorities are advising healthcare sector entities to take precautions, including enhancing their cybersecurity posture and being prepared to implement four- to six-week business continuity plans, as they continue to face potential cyber incidents related to the Russia-Ukraine war.
South Denver Cardiology cyberattack, data access impacts 287K patients
SC Media, March 18, 2022
South Denver Cardiology Associates recently notified 287,652 patients that their protected health information was accessed ahead of a cyberattack deployed in January this year.
Healthcare organizations now must report cyberattacks to DHS
Becker’s Health IT, March 17, 2022
Healthcare organizations will be required to report any cyberattacks to the Department of Homeland Security, under a law signed March 15 by President Joe Biden, Bloomberg reported March 16.
HHS: HIPAA can ‘substantially mitigate’ most common healthcare cyberattacks
SC Media, March 17, 2022
The bulk of cyberattacks against the healthcare sector could be “prevented or substantially mitigated” by following the Health Insurance Portability and Accountability Act Security Rule, according to the Department of Health and Human Services Office for Civil Rights.
These four types of ransomware make up nearly three-quarters of reported incidents
ZDNet, March 17, 2022
Ransomware causes problems no matter what brand it is, but some forms are noticeably more prolific than others, with four strains of the malware accounting for a combined total of almost 70% of all attacks.
Canadian extradited to U.S. in $27 million ransomware case affecting senior living
McKnight's Senior Living, March 4, 2022
A Canadian national indicted in 2020 in a $27 million ransomware fraud case affecting the senior living industry recently was extradited to the United States to face those charges.
Sebastien Vachon-Desjardins was indicted on conspiracy to commit computer fraud and wire fraud, intentional damage to a protected computer, and transmitting a demand in relation to damaging a protected computer.
Rural WA agencies seek federal support to fortify against cyberattacks
Crosscut, March 14, 2022
With limited IT resources, smaller public agencies in the state are among recent targets for ransomware attacks.
Over 500,000 Patients Hit by Data Breaches at Healthcare Firms in Alabama, Colorado
Security Week, March 14, 2022
The most recent cyberattack – and most impactful – targeted South Denver Cardiology Associates and resulted in the data of more than 287,000 patients being exfiltrated.
The Colorado firm identified the attack on January 4 and later discovered that an unknown party had access to certain systems in its network between January 2 and January 5, 2022.
Cyberattack on Norwood Clinic compromises data tied to 228K patients
SC Media, March 11, 2022
Alabama-based Norwood Clinic notified 228,103 patients that their data was potentially accessed or acquired after a cyberattack in October 2021.
Upon discovery, the systems were secured and the security team worked to “safely restore its systems and operations.” The notice does not disclose whether the attack was caused by ransomware. The investigation determined the hackers gained access to servers containing patient information during the incident.