In a landmark case, Springhill Memorial Hospital in Alabama allegedly fails to honor a settlement related to the death of Nicko Silar, an infant whose demise is linked to a 2019 ransomware attack that impeded clinicians' access to crucial fetal monitoring data. Teiranni Kidd, the mother, claims her lawsuit settlement reached in April 2024 remains unpaid, prompting a court motion to enforce the agreement. The hospital's alleged new demands have raised questions about their motivations, possibly to amend terms or avoid a binding settlement. The case underscores the growing patient safety concerns tied to cyberattacks in healthcare, reflecting broader systemic vulnerabilities.

Hospital Allegedly Skirting Ransomware Death Suit Settlement bankinfosecurity

A recent study by Trend Micro reveals that nearly 80% of CISOs and IT security leaders feel pressured by corporate boards to downplay cyber risks to protect company reputation, revenue, and profitability. This tension highlights ongoing discrepancies within upper-level corporate structures regarding the management and communication of security risks. Contradictory findings from a Proofpoint report show increased alignment between CISOs and boards, with 84% of CISOs reporting improved understanding compared to 62% the previous year. Despite improved relationships, CISOs still face high expectations and immense pressure, with growing concerns about personal liability and a preference for personal liability insurance before joining new companies.

CISOs under pressure from boards to downplay cyber risk: study cybersecuritydive

Senator Ron Wyden has called for accountability over UnitedHealth Group's handling of a ransomware attack on Change Healthcare, criticizing the company for having an inadequately experienced Chief Information Security Officer and for failing to maintain essential cybersecurity measures like multi-factor authentication. Wyden's letter to the Federal Trade Commission (FTC) and Securities and Exchange Commission (SEC) compares the incident to the SolarWinds breach and argues that UnitedHealth's executives and board should be held responsible for these lapses, which affected millions of patients and providers. He urges regulatory action in line with previous FTC and SEC cases addressing cybersecurity failures in other companies.

UnitedHealth leaders 'should be held responsible' for installing inexperienced CISO, senator says therecord.media

The U.S. Department of Justice, in collaboration with international authorities, has arrested YunHe Wang, the alleged operator of the 911 S5 anonymity service, which was powered by a massive botnet. The service exploited computers using free VPN products to relay Internet traffic, enabling billions in online fraud. Nearly 560,000 fraudulent unemployment claims and substantial economic injury disaster loan applications are linked to IP addresses compromised by 911 S5. Operating from 2015 until its termination in 2022, 911 S5 sold access to numerous compromised computers as proxies. Wang faces charges including computer fraud and money laundering, and may face up to 65 years in prison. Authorities have seized significant assets, including luxury cars and properties, and continue efforts to extradite Wang to the U.S. for trial. Users are urged to check if their computers were part of the botnet via an FBI webpage.

Is Your Computer Part of ‘The Largest Botnet Ever?’ KrebsOnSecurity