Security News for the Week Ending October 8, 2021

Mother Sues Alabama Hospital After her Baby Died During Ransomware Attack

You know how hospitals say that even though none of their computers are working during a cyberattack, patient safety is not compromised. Unless you were born yesterday, you know that is a lie, but saying anything else would open them up to even more lawsuits. In Alabama, Springhill Medical Center shut down its fetal monitoring as a result of an attack and the staff did not know that a baby was in distress and died. If they knew, a C-Section would have saved the baby’s life. I suspect they will try to settle quietly out of court rather than creating a precedent that could be disastrous in the future. Credit: Metacurity

Account Takeover Attacks Increased 307% between 2019 and 2021

A new report just released says that account takeovers – mostly by checking to see if people reused credentials – grew at a crazy rate. These hackers use massive networks of hacked PCs (so that the IP addresses are constantly changing) to try to reuse passwords. Apparently it works. Very well. Credit: Help Net Security

Ransom Disclosure Act Would Require Ransom Payment Reporting in 48 Hours

A new bill would require ransomware victims (businesses only) to report ransom payments within 48 hours including the amount demanded, the amount paid, the type of currency and any information known about the entity demanding the ransom. It also requires DHS to make this data public, minus the entity’s name, the following year. While they say this is for statistical and trending information, but if Treasury found out that you made a payment to a banned entity and didn’t tell them first….. Credit: Bleeping Computer

White House Will Issue Security Directives to Rail and Aviation

After TSA issued a cyber directive to the pipeline industry in the wave of the Colonial pipeline attack, they now plan to issue similar directives to rail and aviation. For lower risk rail, the directives will be voluntary. It will include airport operators, air passenger companies and cargo companies. Like for the pipelines, they will have to designate a cyber coordinator and report incidents to CISA. Small steps. Credit: Fedscoop

Add Silicon to the Rest of the Chip Shortage

We all know about the chip shortage. The chip makers say it will be well into 2022 before they catch up. But add to that, China has cut back on the production of silicon, the core part of chips and many other things. That has increased the price of silicon by 300% in two months. Some companies have already declared force majeure and are breaking contracts and suspending sales. Silicon manufacturing takes a lot of energy and China is trying to reduce energy consumption. The fact that it puts some of their adversaries in a bind, well, you figure it out. Silicon is used in everything, so the cost increase will create shortages of many, many products and fuel inflation. Since US companies decided decades ago it is better to farm out dirty, expensive manufacturing to third world countries (at the time), this is a crisis of our own making with no obvious cure. Credit: Yahoo News

by