Hand-picked headlines from Datarisk Canada’s dedicated cybersecurity curators.
Claudiu’s Top Story
CBC NEWS: N.L. Patient, Employee Data Stolen in Health-Care Cyberattack
Hackers stole personal information connected to both patients and employees in the Eastern Health and Labrador-Grenfell Health regions of Newfoundland and Labrador’s health-care system as part of a recent cyberattack, according to officials. The information was accessed through the province’s Meditech data repository, which includes a patient information database as well as core communication tools, such as email.
Newfoundland
CTV NEWS: ‘It’s Going to Get Worse’: Maritime Experts Warn of Increasing Cybersecurity Threats
The recent cyberattack in Newfoundland is raising questions about national security systems and how prepared Canada is for further cyberattacks. Healthcare is a particularly vulnerable sector which has seen increased attacks over the course of the pandemic. Organizations need to ramp up security as well as develop response plans to prepare for the worst.
DDoS Attacks
CLOUDFLARE: DDoS Attack Trends for Q3 2021
According to the latest numbers from Cloudflare, DDoS (Distributed Denial-of-Service) attacks increased dramatically in the third quarter of 2021, with U.S. organizations being the most affected by far. Canadian organizations are the third most targeted in the world.
Phone Scams
PROOFPOINT: Caught Beneath the Landline: A 411 on Telephone Oriented Attack Delivery
New research suggests that tens of thousands of telephone oriented cyberattacks occur on a daily basis, with some individual victims losing up to $50,000 per attack. Different forms of scams include pushing fake computer security services, selling fake concert tickets, and getting victims to download malware under a number of different pretexts. Overall, Proofpoint has observed a marked increase in the volume of this kind of cyberattack.
Data Breach
CNN: Hackers Have Breached Organizations in Defense and Other Sensitive Sectors, Security Firm Says
Security firm Palo Alto reports that nine organizations in regulated sectors have been breached, likely by foreign hackers. One of those organizations is, reportedly, in the United States. Officials from the NSA and CISA are tracking the threat, which may include the theft of passwords and the goal of maintaining long-term access to networks. The identity of the hackers is currently undisclosed.
International
WIRED: Ignore China’s New Data Privacy Law at Your Peril
On November 1, China’s first comprehensive data privacy law came into effect, boosting protections to hundreds of millions of consumers. The Personal Information Protection Law (PIPL) places greater restrictions what can be done with the data and personal information that companies and individuals collect, which adds pressure to organizations doing business in China. Overseas companies that do not comply with PIPL may be placed on a national blacklist, for instance.
