Published: February 24, 2023
By Annie articles
Exclusive: FBI says it has ‘contained’ cyber incident on bureau’s computer network
CNN: The FBI was recently targeted in a malicious cyber incident involving computer systems used in child sexual exploitation investigations. Sources say that the FBI New York Field Office was attacked, which is one of the bureau’s biggest and highest profile offices. The bureau states that the hack was an isolated incident and has been contained but the origin is still being investigated. Beyond the breach, it seems the department needs to review its data storage policies especially when dealing with evidence of such an incredibly sensitive nature.
California Health Network Data Breach Impacts Over 3 Million People
Health News: One of the largest private healthcare networks in the US, Heritage Provider Network (HPN), was victim of a ransomware attack in December but 3.3 million affected patients were not aware of the data breach until a couple weeks ago. HPN notified patients that personal information such as their name, date of birth, laboratory test results, diagnosis and treatment, and other personal information may have been stolen. Healthcare organizations continue to get attacked by ransomware groups and as we reported last week, the annual number of ransomware attacks on health care delivery organizations more than doubled from 2016 to 2021, exposing the personal health information of nearly 42 million patients and causing disruptions to patient care.
Sensitive US military emails spill online
Tech Crunch: An exposed server of the Department of Defense (DoD) had internal U.S. military emails exposed to the open internet for the last two weeks. The exposed server was hosted on Microsoft’s Azure government cloud for the DoD and typically contains sensitive but unclassified government data. The server stored about three terabytes of internal military emails, many connected to the U.S. Special Operations Command, or USSOCOM, the U.S. military unit tasked with conducting special military operations. Most likely human error caused a misconfiguration which left the server without a password. A senior Pentagon official confirmed that USSOCOM was notified of the exposed server and USSOCOM states that they are currently investigating the issue but that no one hacked their information systems.
Most companies are sitting on exposed data in the cloud – a whopping 81 percent of organizations have had sensitive SaaS data exposed. (source)
Only 10-12% of all estimated cybercrime victims report cybercrime incidents in the United States. (source)
Funny joke to end the week: what do you tell a hacker after a bad breakup? (source)
There are plenty of phish in the sea!
Charlies is a 14 year cyber security expert. He started his career in the U.S. armed forces and then transitioned into commercial roles. A security engineer by training, he's well-versed in tool deployment and administration.
Ellen bring a decade of GRC expertise to the TalPoint community. She's knowledgeable on a variety of frameworks and employs a methodical approach to compliance. She's available for needs assessments, gap assessments, internal audits, and for certain frameworks running independent 3rd party audits.
Zachary bring a 20+ year career in risk management to the TalPoint community. He's worked across healthcare, finance, and supply chain manufacturing. His broad experience offers both a holistic view of risk as well as a common sense approach to risk management.