Extortion group threatens to sell Change Healthcare data
CyberScoop: A ransomware attack on Change Healthcare last month led to claims of stolen data totaling 6TB. The dark website RansomHub has now threatened to auction over 4TB of this data unless Change Healthcare meets their demands by April 20. The attack, attributed to the ransomware group ALPHV or BlackCat, involved an associate known as “notchy,” who alleges being scammed out of their share from a $22 million ransom paid by Change Healthcare’s parent company. Blockchain researchers observed the ransom money’s movement, suggesting attempts at laundering. RansomHub’s announcement aims to pressure Change Healthcare into securing its clients’ data to prevent it from being sold. The discrepancy in the reported amounts of stolen data between ALPHV and notchy remains unexplained. RansomHub, having claimed 31 victims aside from Change Healthcare, operates with specific rules, including a fixed 10% proceeds split for affiliates and restrictions on targets. This situation highlights the complex dynamics within the ransomware ecosystem and the continuous threat to healthcare data security.
Maryland Passes 2 Major Privacy Bills, Despite Tech Industry Pushback
NYTimes ($): The Maryland legislature recently passed two significant privacy bills aimed at regulating how tech companies handle personal data of consumers and minors, despite opposition from major industry groups like Amazon, Google, and Meta. The Maryland Online Data Privacy Act introduces broad restrictions on data collection and usage for consumers in the state, while the Maryland Kids Code targets social media and gaming platforms with restrictions aimed at protecting users under 18 from data harvesting and manipulative practices. These measures, still pending approval from Governor Wes Moore, position Maryland alongside states like California and Connecticut in enacting robust online privacy protections. However, industry groups have challenged these regulations, arguing they infringe on constitutional rights. Notably, a similar California law has already faced legal setbacks, indicating potential future legal challenges for Maryland’s legislation.
3 Ways AI Tools Actually Help Your Security Teams
ChannelE2E: AI is revolutionizing cybersecurity, offering significant benefits but also introducing potential risks. The U.S. government has responded with Executive Order 14110 to ensure the safe development of AI technologies. AI accelerates threat detection and response, transforming traditional SOCs by enabling faster and more accurate threat handling, thus allowing teams to focus on strategic initiatives. It also plays a crucial role in training and retaining security personnel, helping bridge the skills gap and enhancing team capabilities. AI significantly reduces the volume of alerts SOCs receive daily, combating alert fatigue and improving job satisfaction among cybersecurity professionals. Tools like Microsoft’s Copilot for Security exemplify AI’s potential to streamline security tasks, demonstrating reductions in time required for threat reporting and increases in task accuracy. As AI continues to evolve, it promises to bolster cybersecurity frameworks, reducing operational strain on human analysts and fortifying defenses against emerging threats.
Malware stands out as the fastest-growing threat of 2024, with 41% of enterprises witnessing a malware attack in the past year. (source)
62% of businesses expect more compliance involvement in cybersecurity in the coming years. (source)
Charlies is a 14 year cyber security expert. He started his career in the U.S. armed forces and then transitioned into commercial roles. A security engineer by training, he's well-versed in tool deployment and administration.
Ellen bring a decade of GRC expertise to the TalPoint community. She's knowledgeable on a variety of frameworks and employs a methodical approach to compliance. She's available for needs assessments, gap assessments, internal audits, and for certain frameworks running independent 3rd party audits.
Zachary bring a 20+ year career in risk management to the TalPoint community. He's worked across healthcare, finance, and supply chain manufacturing. His broad experience offers both a holistic view of risk as well as a common sense approach to risk management.