Grim Projections for Cybersecurity Worsened by Pandemic Before COVID-19 swept the globe, experts were already predicting a disastrous year in cybersecurity. The pandemic offered hackers new attack vectors and proved governments must always be ready for the unexpected. Lucas Ropek, Government Technology | December 15, 2020 | Analysis
In March, the Cyberspace Solarium Commission asked Americans to consider the possibility of a disastrous cyberattack, a kind of “cyber Pearl Harbor,” that turned the nation’s infrastructure on its head. The commission, convened by Congress in 2019 to study the threats that lurk in cyberspace, was not optimistic about the nation’s capacity to defend against such an event. Their report, at nearly 200 pages, was filled with analysis and policy proposals, but its basic message was simple: The U.S. was “dangerously insecure in cyber.”
The SolarWinds Orion Data Breach into Federal and Civilian Organizations Highlights a Silent Agenda by Foreign Actors
It started with the Treasury Department notification of “a sophisticated hacking group backed by a foreign government stole information from the U.S. Treasury Department and a U.S. agency responsible for deciding policy around the internet & telecommunications.”
Within hours the origin of that massive data breach was identified by the federal Cybersecurity Infrastructure and Security Agency (CISA) as a significant risk to government databases and private sector businesses. The breach was attributed to computer intrusion through
SolarWinds Orion:
WASHINGTON – The Cybersecurity and Infrastructure Security Agency (CISA) tonight issued Emergency Directive 21-01, in response to a known compromise involving SolarWinds Orion products that are currently being exploited by malicious actors. This Emergency Directive calls on all federal civilian agencies to revie
09:58 AM
The U.S. Department of Health and Human Services released a snapshot this past week detailing breaches reported to the Office of Civil Rights in October.
In total, more than 2 million individuals had their records exposed by the 58 reported breaches, though it is possible that the same patients were affected by multiple incidents.
It s worth noting that the Secretary must, by law, post breaches of unsecured protected health information affecting 500 or more individuals – meaning breaches affecting fewer than that were not listed.
WHY IT MATTERS
According to HHS, slightly more than a third of the breaches reported in October took place over email, and about 40% took place over a network server.