Cybersecurity incidents reported in several companies' SEC 8-K filings. Microsoft, loanDepot, First American Financial Corp, VF Corp, Fidelity National Financial, Inspired Entertainment, LivaNova PLC, Mr. Cooper Group Inc., Mueller Water Products, Henry Schein INC, 23andMe Holding Co., Johnson Controls International plc, PROG Holdings, Clorox Co, Caesars Entertainment, MGM Resorts International, Middlefield Banc Corp all disclosed cybersecurity incidents. Some of the breaches were material, with a number of them involving record compromise, but details on the impact and the specific data types were often unknown.

Cybersecurity Incident Tracker board-cybersecurity.com

Russian state hackers accessed senior Microsoft executives' inboxes for six weeks; no customer data, production systems accessed. Microsoft discovered attack in January, linked with Russian hacking group Midnight Blizzard. Incident currently not affecting company’s financial condition or operations.

Microsoft: Russian Hackers Had Access to Executives' Emails BankInfoSecurity

Hackers are directly targeting patients in ransomware attacks against healthcare providers, seeking payments to prevent publicizing personal medical information. Post-cyberattack lawsuits show a shift from targeting hospitals to patients for payments up to $50. Cybersecurity researchers say smaller firms or companies with sensitive data could become prime hacker targets. The potential for personal extortion complicates a providers' preparation and response to breaches. Instances of this have spiked in 2023 despite fewer victims paying ransom. Lawsuits from patients have accused providers of failing to protect sensitive data and mismanaging the aftermath. Lawsuits also allege negligence, delayed communication and breach of contract. Agencies are trying to convince entities like universities, local governments, and companies to protect their networks. Ransomware attacks are less fruitful, making stealing data more viable. Hackers are turning attention to smaller medical targets for easy attacks. As encryption becomes more sophisticated, traditional methods of demanding payment to access data aren't as effective. With medical data almost impossible to retrieve once published online, victims are seeking legal relief. Healthcare organizations are advised to enhance their security incident disclosure programs. Introduction of stricter security protocols in policies and increased network protections have been steps in warding off attacks. Legal experts say it remains challenging to balance providing accurate information with meeting state and federal regulatory breach notification obligations.

Patients Extorted Over Photos Sue Doctors for Security Failures Bloomberg Law

Russia-linked actor hacks senior Microsoft executives' emails; scant details provided says CrowdStrike CEO George Kurtz. Kurtz criticizes timing of disclosure and lack of meaningful explanation. Microsoft ties hack to Midnight Blizzard, group behind 2020 SolarWinds breach. Microsoft attributes incident to late November 2023 password spray attack compromising a legacy non-production test account. Kurtz questions connection between non-production environment and high-level email compromise. Microsoft's disclosure limited to breach following SEC rules, Kurtz expects more to emerge.

CrowdStrike CEO: Microsoft Explanation For Russia Hack Doesn’t Add Up CRN