SC Media spoke to experts that offered some hard truths about the Kronos payroll disruptions that emerged after the company fell victim to a ransomware attack: impacted providers share the blame.

Researchers say the skimmers used a cloud video platform to hit more than 100 websites – all owned by the same parent company.

Access to Broward Health was gained via a third-party connection and resulted in a massive data theft. This week’s healthcare breach roundup highlights vendor-related incidents and HIPAA compliance reporting issues.

Some healthcare employees are finding discrepancies in their paychecks, with Penn Highlands Healthcare among those providing regular updates on how the Kronos attack is affecting its payroll. In short, the time and attendance system outage will continue to impact payroll until the system is restored to full function. But Kronos has not provided an updated timeframe for when that might occur, nor can it advise clients on when the system will be again operational “since each of their thousands of clients must be reactivated individually,” Penn Highlands officials explained.

In part one of a three-part series, we examine the recent alarm bells sounded in recent months about the distinct security risks faced by financial advisory firms.

Experts in cybersecurity and defense contracting tell SC Media that 2022 should be a year of action for CMMC, one where the government moves from talking about how best to measure the cybersecurity compliance of its contractors to actually doing it. But it's still not clear that the contracting community is fully ready to embrace the new standards, while much work remains to be done before the program becomes operational.

Like the SolarWinds attack, experts say Log4j is ubiquitous and of particular concern for financial sector institutions (FSIs).

Quickly putting to use its new threat mitigation resource website, HHS is urging public health and healthcare sector entities to prioritize remediation of Apache Log4j vulnerabilities.

But among the most challenging aspects of risk assessment involves third-party suppliers – and fourth- and fifth- party suppliers even ensuring entities with access to networks or information are not exposed themselves.

We asked Dawn Cappelli, CISO at manufacturing giant Rockwell Automation and member of SC Media sister organization Cybersecurity Collaborative, to offer a detailed look at the last week's efforts to safeguard systems and evaluate risk tied to the Log4j vulnerability. "I'm afraid for companies," she said of those in manufacturing that have not paid close enough attention to third-party risk.