HopeNet (HopeNetCISO.com) reviews a variety of security news sources so you do not have to! The list below represents items relevant to churches, nonprofits, and charities. The headlines and our added comments are meant to provide enough to get an overview of recent happenings, but links are also provided for readers that want to explore certain topics deeper.
The most noteworthy news of the week is probably that Congress tries again for comprehensive data privacy bill – especially for organizations in states like Florida where no such legislation is contemplated yet. This will be one to watch as it seems to have bipartisan support.
General
- You’ve Been Hacked. Who You Gonna Call? – High level, but not a bad checklist.
- US Health Dept warns hospitals of hackers targeting IT help desks – The MGM attack last year started with a help desk call, so this is relevant advice. The article has some specific suggestions at the end for those that are interested.
- CPPA Issues First “Enforcement Advisory” for CCPA – Data Minimization – Data minimization is getting rid of data that is not needed. The easiest data to protect is data that does not exist. In a related tactic, many lawyers are also suggesting that companies have limited retention of emails, chats, and other types of discoverable items.
Data Loss
- Home Depot confirms third-party data breach exposed employee info – Employee data…third party vendors…misconfigured cloud assets…smh.
- Florida Pediatric Associates health data impacted by data breach – Another third party breach.
- US Cancer Center Data Breach Impacting 800,000
- SurveyLama data breach exposes info of 4.4 million users
- Shopping platform PandaBuy data leak impacts 1.3 million users
Operational Disruption
- Round 2: Change Healthcare Targeted in Second Ransomware Attack – Unfortunately, it is not unusual for victims to be targeted again, but this is a little quick.
- Group Health Cooperative of South Central Wisconsin Announces Ransomware/Breach Affecting 533,809 People
- German database company Genios confirms ransomware attack – This company is a service provider to other companies, so there are impacts well beyond Genios.
Vulnerabilities
- Fortinet Releases Security Updates for Multiple Products
- LG smart TVs may be taken over by remote attackers
If this was shared with you and you would like to receive a copy directly to your email, please subscribe at HopeNetCISO.com. Thanks for reading!