Novel variant of wiper linked to Viasat attack during Ukraine war raises new fears

Researchers at SentinelLabs warn the new variant, called AcidPour, could place IoT, networking devices at risk. 

By David Jones • March 22, 2024

Change Healthcare’s drawn-out recovery catches flak from cyber experts

At least 100 services remain offline four weeks after the UnitedHealth Group detected an intrusion in its medical claims clearinghouse. Experts say the impacts are unprecedented.

By Matt Kapko • March 21, 2024

Change Healthcare cyberattack could damage credit at small providers: Fitch

Smaller companies may already have worse credit ratings and could struggle with cash flow disruptions caused by the outage.

By Emily Olsen • March 21, 2024

Five Eyes implores critical infrastructure execs to take China-linked threats seriously

Officials are pushing tips to help potential victims detect and mitigate Volt Typhoon’s evasive techniques as the was warnings take on urgency.

By Matt Kapko • March 20, 2024

More warnings emerge about state-linked cyber threats to water infrastructure

The White House and EPA set an urgent virtual meeting with state homeland security and other top officials, citing efforts to boost the resiliency of drinking and wastewater treatment systems.

By David Jones • March 20, 2024

How companies describe cyber incidents in SEC filings

The words businesses use in cybersecurity disclosures matter. They can channel confidence in the recovery process, potential impacts and legal liabilities.

By Matt Kapko • March 19, 2024

Audit committees rank cybersecurity as top priority amid SEC crackdown

Cyberattacks are just one of several rapidly changing threats confronting audit committees, according to the Center for Audit Quality and Deloitte.

By Jim Tyson • March 14, 2024

Change Healthcare locates ransomware attack vector

Though the UnitedHealth Group subsidiary’s recovery efforts are ongoing, a forensic analysis identified a safe system restoration point.

By Matt Kapko • March 14, 2024

HHS opens investigation into Change Healthcare cyberattack

The Office for Civil Rights will focus on whether protected health information was breached and if UnitedHealth complied with privacy and security requirements. 

By Emily Olsen • March 14, 2024

White House meets with UnitedHealth, industry groups on Change Healthcare cyberattack fallout

Officials called on payers to cut red tape and offer financial support to providers, including advanced payments. 

By Emily Olsen • March 13, 2024

Ransomware festers as a top security challenge, US intel leaders say

U.S. intelligence leaders warn ransomware activity is growing, despite high profile efforts to seize threat actors’ infrastructure.

By Matt Kapko • March 12, 2024

CISA attacked in Ivanti vulnerabilities exploit rush

The nation’s cyber defense agency was hit “about a month ago” by widely exploited vulnerabilities in the popular remote access VPN product.

By Matt Kapko • March 11, 2024

Ransomware attacks are hitting critical infrastructure more often, FBI says

The agency received more reports of ransomware last year, but officials remain troubled by the amount of attacks that go unreported.

By Matt Kapko • March 11, 2024

Microsoft’s security woes persist as Midnight Blizzard remains on the offensive

The Russia state-sponsored threat actor is using secrets it stole from Microsoft’s systems to gain or attempt to gain further access to the company’s IT infrastructure.

By Matt Kapko • March 8, 2024

Change Healthcare faces potential class action as lawsuits rack up

At least six federal lawsuits seeking class-action status were filed since the cyberattack, alleging the technology firm didn’t have reasonable cybersecurity measures.

By Emily Olsen • March 8, 2024

Change Healthcare says its largest claims clearinghouses are coming back online

The technology firm said more than $14 billion in claims were prepared for processing and will start flowing soon. 

By Emily Olsen • Updated March 25, 2024

CMS rolls out provider flexibilities amid fallout from Change cyberattack

Provider groups said the government should go further to financially bolster providers during the outage at Change Healthcare.

By Emily Olsen • March 5, 2024

Amex cardholder data exposed in merchant processor hack

The point-of-sale attack on a merchant processor may have compromised card numbers, expiration dates and cardholder names, Amex said in a state regulatory filing.

By Caitlin Mullen • March 5, 2024

Change Healthcare cyberattack having ‘far-reaching’ effects on providers

Providers said the outage at the UnitedHealth-owned technology company has affected billing, eligibility checks, prior authorization requests and prescription fulfillment.

By Emily Olsen , Susanna Vogel • March 5, 2024

AlphV’s hit on Change Healthcare strikes a sour note for defenders

The ransomware group didn’t just regroup quickly after a law enforcement takedown. It carried out the worst attack on U.S. infrastructure to date, according to experts.

By Matt Kapko • March 4, 2024

In ConnectWise attacks, Play and LockBit ransomware exploits developed quickly

The incidents highlight rapid ongoing exploitation by criminal threat actors as customers are urged to patch.

By David Jones • March 4, 2024

Why Okta is overhauling its priorities, culture around security

CSO David Bradbury acknowledges the company’s brand is tarnished. “We need a track record of zero breaches. That’s what builds trust.”

By Matt Kapko • March 1, 2024

Okta reports ‘minimal’ financial impact following support portal attack

The identity and access management firm is promising to make security a top priority, even though Okta’s CFO said the attack fallout is “not quantifiable.”

By Matt Kapko • Feb. 29, 2024

Okta, with a bruised reputation, rethinks security from the top down

CSO David Bradbury detailed to Cybersecurity Dive what the identity and access management company got wrong and the security pledges it's making to customers.

By Matt Kapko • Feb. 27, 2024

LockBit group revives operations after takedown

The comeback is no surprise to experts — and some think LockBit as a brand is dead — but the reemergence underscores persistent challenges for authorities.

By Matt Kapko • Feb. 26, 2024