One Article Review
| Source |  NoticeBored |
|---|---|
| Identifiant | 488161 |
| Date de publication | 2018-02-22 16:38:06 (vue: 2018-02-22 16:38:06) |
| Titre | NBlog February 22 - responsible disclosure |
| Texte |  Today I've been scouring the web for news on cryptominer incidents to incorporate into next month's awareness materials on malware.As well as the usual doom-n-gloom reports from assorted antivirus companies bigging-up the cryptominer threat, I came across an interesting letter from a US hospital, formally notifying patients about an incident.The infection was identified back in September 2017, and eradicated within 4 days of detection.Although the malware infection was a relatively benign cryptominer, the hospital sent a formal notification letter to patients at the end of January 2018 since the infected system held their medical data.  Full marks to the hospital management for 'fessing up to the incident and publicly disclosing it, and for apparently handling the incident in a professional and reasonably efficient manner (although arguably 4 months is an age in Internet time).They have offered free credit monitoring services, more appropriate in case of identity fraud ... which is a possibility if the malware gained privileged access to the system. I wonder, though, whether this letter was simply part of their pre-prepared generic response to a cyber-incident, perhaps a defensive move prompted by their lawyers just in case personal/medical information was disclosed inappropriately. |
| Envoyé | Oui |
| Condensat | full more 2017 2018 since a formal about access across age although antivirus anyway apparently appropriate are arguably aspects assorted audience awareness back been benign bigging briefing came can case clip companies contemplate cool credit cryptominer cyber data days decks defensive detection disclosed disclosing disclosure discuss doom efficient end eradicated explain february fessing formally fraud from gained general generic get gloom go: handling have held hospital identified identity inappropriately incident incidents incorporate infected infection information interest interesting internet january just lawyers letter letter to little malware management manner marks materials maybe medical monitoring month months move nblog news next notification notifying offered free one papers part patients people perhaps personal/medical possibility pre prepared privileged professional professionals/specialists program prompted publicly reasonably relatively relevant reports response responsible scouring sent september services share simply slide staff story study system though threat three through time times today use usual value web well whether which within wonder |
| Tags | |
| Stories | |
| Notes | |
| Move | 
|
L'article ne semble pas avoir été repris aprés sa publication.
L'article ne semble pas avoir été repris sur un précédent.