A California security camera company agreed to pay a $2.95 million civil penalty and implement a security program after hackers in 2021 accessed video from 150,000 internet-connected security cameras, including from devices placed inside psychiatric hospitals and women's health clinics.
A bipartisan House bill aims to bolster cybersecurity in the healthcare sector by requiring stronger collaboration between CISA and the Department of Health and Human Services. The bill is a companion to nearly identical bipartisan legislation introduced in the Senate in July.
Recent developments suggest the U.S. is taking a more serious approach to holding faster payments platforms accountable for scams. It's unlikely any changes will occur before the November U.S. election, but the move toward more regulation is a good start, said Ken Palla, retired MUFB Bank director.
The Justice Department intervened in a whistleblower lawsuit against the Georgia Institute of Technology and the Georgia Tech Research Corp. for allegedly failing to implement federally required cybersecurity protections while overseeing sensitive government data.
The SolarWinds case has intensified legal risks for CISOs. A judge validated the SEC's theory of intentional securities fraud against Tim Brown, the SolarWinds' CISO, marking the first time a federal court accepted this theory against a CISO, said Jess Nall, partner at Baker McKenzie.
A ransomware attack against Berlin, Maryland-based Atlantic General Hospital that affected the personal information of 137,000 individuals in 2023 has led to a $2.25 million preliminary settlement of a consolidated proposed federal class action lawsuit.
The SolarWinds case has redefined cybersecurity disclosure obligations, especially for chief information security officers. The SEC's novel theories in this case have set a precedent for how organizations must present their cybersecurity practices, said Jennifer Lee, partner at Jenner & Block.
As McLaren Health Care continues to restore its IT systems in the wake of a ransomware attack last week, some Michigan government officials are warning consumers about potential cybercrimes and other concerns stemming from that and similar cyber incidents involving healthcare groups in the state.
Federal regulators and SolarWinds are eyeing a truce weeks after a judge dismissed most claims related to misleading investors about the company's security practices and risks. SEC lawyer Christopher Bruckmann said his team "proposed specific settlement terms," but the defense is unlikely to accept.
Delta Air Lines' war of words against CrowdStrike and Microsoft over its extended IT outage continue to escalate, with the airline threatening litigation to recover $500 million in lost revenue and expenses. CrowdStrike and Microsoft have pledged to vigorously fight any such litigation.
Prospect Medical Holdings continues to face mounting legal and business fallout from the 2023 ransomware attack that disrupted IT operations at 16 of its hospitals for several weeks and resulted in a data breach that affected 1.3 million people.
CrowdStrike has dismissed claims of negligence leveled at it by Delta Air Lines, which is threatening to sue after a faulty security software update led to days of IT disruption. In response, the cybersecurity vendor is asking why Delta's competitors recovered so much more quickly.
CrowdStrike faces a putative class action lawsuit over the widespread global IT outage in late July that caused major disruptions at airports and hospitals after the company pushed through a faulty update to its Falcon platform, causing its stock prices to plummet.
A federal judge has dismissed several claims but has given the green light for plaintiffs to move forward with other allegations in a proposed class action filed against electronic health records vendor NextGen in the aftermath of a 2023 ransomware attack that affected about 1 million people.
Software vendor MCG Health has agreed to pay $8.8 million to settle a consolidated proposed federal class action lawsuit involving a 2020 hacking incident. The suit claims the company took two years to identify and report a data theft that affected about 1.1 million people.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.com, you agree to our use of cookies.