
July 11, 2024
A cyber attack on the Florida Department of Health has compromised the state’s ability to issue death and birth certificates, potentially endangering sensitive patient data. The ransomware group RansomHub claimed to have stolen 100 gigabytes of data, which they threatened to release if not paid, though Florida law prohibits such payments. The attack has crippled the department’s Vital Statistics system, forcing funeral directors to manually complete and transport death certificates, subsequently delaying burial permits and access to benefits like social security and insurance claims. This incident follows prior threats by RansomHub against other health-care organizations, including Change Healthcare.
Ransomware Attack Hits Florida Department of Health (Government Technology)
July 11, 2024
Snowflake has implemented a new security policy requiring multifactor authentication (MFA) for all users or specific roles within its platform, following a series of attacks targeting over 100 customer environments lacking this security measure. MFA will now be the default setting for newly created customer accounts, as stated by CISO Brad Jones. The decision comes after an investigation by CrowdStrike and Mandiant confirmed no vulnerabilities in Snowflake's platform led to the incidents. These breaches involved demo accounts accessed with stolen credentials from a former employee. While existing customer accounts can opt out of MFA, Snowflake is encouraging adoption through frequent prompts and introducing the Snowflake Trust Center and security scanners to enhance overall compliance and mitigate risks.
Snowflake allows admins to enforce MFA as breach investigations conclude (Cybersecurity Dive)
July 11, 2024
Cybersecurity jobs, particularly for Chief Information Security Officers (CISOs), offer lucrative salaries ranging from $400,000 to $1 million annually. Despite the financial incentives, job satisfaction remains low, with three-quarters of CISOs considering a job change in 2023. This dissatisfaction stems from high-pressure responsibilities, personal liability, and insufficient support and understanding from organizational leadership regarding cybersecurity risks. The lack of direct engagement with company boards exacerbates the issue, leading to decreased effectiveness, higher turnover, and weakened security cultures within companies. To improve satisfaction and security outcomes, organizations must integrate CISOs into leadership discussions and adequately invest in proactive cybersecurity measures.
As CISOs grapple with the C-suite, job satisfaction takes a hit (Cybersecurity Dive)
July 11, 2024
The debate over banning ransomware payments was a key topic at a recent Oxford Cyber Forum, where CISA Director Jen Easterly expressed skepticism about such a ban being implemented in the U.S. Although some experts, like former UK National Cyber Security Centre head Ciaran Martin, have advocated for a ban, current consensus suggests that it could do more harm than good. A federal ban may drive companies to pay ransoms secretly, undermining accurate threat intelligence and risk management efforts. Furthermore, fake "data recovery" firms could exploit such a ban, increasing fraudulent activities. Instead, the U.S. is focusing on initiatives like improved incident reporting, shared intelligence, law enforcement action, and promoting secure-by-design principles to tackle ransomware threats more effectively.
CISA director says banning ransomware payments is off the table (securityintelligence.com)


© Copyright 2024 Health Lyrics All rights reserved