Finally, today, I wanted to note a collection of security stories due to the change in tactics.
First, Axios reports on the latest tactics of ransomware gangs – going public with the data to prove the hack and raise the stakes. With ransom payouts dropping, public shaming becomes the new strategy. While not new, it’s becoming increasingly common.
An example — In the breach of DC Health Link, which serves DC and lawmakers, the sensitive information of 21 current members of Congress were exposed.
A Pennsylvania cancer patient filed a lawsuit against the health care provider on Monday, claiming that the organization’s failure to protect her sensitive data amounts to negligence and a breach of its basic duties to safeguard her medical records. Why? Her data was released in a ransomware attack as proof of the breach.
Why do we care?
Ransomware operators continue to elevate their game, and we move to data extortion early. Besides all the preventative measures, remember that focusing on a minimum data collection strategy is sound. With less to expose, the eventual breach is less impactful. Building a plan that tells the hackers to piss off requires some forethought, particularly with data exposure at play.
Because you or your customer may end up being sued over it.