Tag Archive for: Jersey

New Jersey Takes Stock of Cybersecurity Threats, Protections

/in


There’s a cybersecurity concern that often doesn’t get enough attention, according to New Jersey CISO Michael Geraghty. That’s systemic cybersecurity risk, where an attack on one organization has effects that ripple out across the wider sector.

“Most of the time we think of, let’s say, a school system gets hit with ransomware, a system has to shut down, and it’s a localized incident,” said Geraghty, who is also director of the New Jersey Cybersecurity and Communications Integration Cell (NJCCIC).

But attacks like the recent ransomware incident that disrupted Change Healthcare show just how hard systemic impacts can hit. Through that attack, actors were able to affect hospitals across the country.


“Here we have one organization — Change Healthcare — where it’s an individual organization that’s affecting the rest of the health-care system in the United States,” Geraghty said.

UnitedHealth Group’s Change Healthcare is a major medical claims processor. BlackCat ransomware struck the company, leading to a prolonged outage that left many hospitals and other health-care providers struggling to submit claims to insurance. Many have been running low on funds. The CEO of independent physician practices network Aledade told the Washington Post that about a quarter of U.S. physician practices are in severe financial distress.

Systemic risk is especially high in sectors where many players rely on the same vendor or technology. That’s what’s made Change Healthcare, MOVEit and Citrix Bleed nationwide events.

New Jersey organizations suffered from the latter two, with MOVEit compromising the personal info of more than 1 million residents, based on incidents reported to NJCCIC, per the state’s 2024 Threat Assessment report. And Citrix Bleed disrupted New Jersey hospitals, forcing problems ranging from slow patient care to postponed surgeries.

In contrast, election infrastructure is highly diversified, so a single attack would not have wide-scale impacts on election security, Geraghty said. He added that vendor and technology diversification is just one possible security approach, and that organizations…

Source…

2 New Jersey hospital emergency rooms closed due to ransomware attack

/in



Both hospitals are part of the Hackensack Meridian Health system – Pascack Valey Medical Center in Westwood, New Jersey, and Mountainside Medical Center in Montclair.

Source…

Silent cyber coverage here to stay? New Jersey Appellate Court rejects insurers’ attempt to expand scope of the war exclusions to cyber claims

/in


The War and Hostile Action Exclusions have been standard exclusions in property and general liability policies for decades. With the rise of cyber claims, insurers have turned to these exclusions to deny coverage where the bad actor may have governmental roots. In a win for policyholders, the New Jersey Appellate Division rejected the insurers’ attempt to deny coverage and held that the hostile/warlike action exclusion did not apply to non-military, cyber-attack claims. See Merck & Co. v. ACE American Insurance Co.1 This ruling affirms the traditional scope of these exclusions and establishes that coverage under a commercial property policy for property damage caused by cyber-related incidents, colloquially known as “silent cyber” coverage, persists.

Merck & Co. v. ACE American Insurance Co.

On June 27, 2017, New Jersey pharmaceutical company, Merck & Co. (“Merck”), suffered a cyber-attack that left thousands of Merck’s computers damaged and encrypted by the malware known as NotPetya. The malware caused large-scale disruption to Merck’s business, resulting in $699,475,000 in losses. Although the exact origin of the malware was unknown, it was believed to have originated from the Russian Federation.

Merck tendered the claim to its all-risk property insurance carriers. The insurers reserved their right to deny coverage pursuant to hostile/warlike action exclusions and then subsequently denied coverage. Specifically, these exclusions exclude coverage for “loss or damage caused by hostile or warlike action” which was caused by “any government or sovereign power . . . or by military, naval or air forces . . . or by an agent of such government . . . .”2 The insurers argued that the word “hostile” should be broadly read to mean any antagonistic, unfriendly, or adverse action by a government or sovereign power, including the Russian Federation. Rejecting the insurers’ argument, the trial court held that the hostile/warlike action exclusions were inapplicable to the NotPetya related claims. The insurers appealed.

The New Jersey Court of Appeals Narrowly Construed the Hostile/Warlike Action Exclusion

On appeal, the Court looked to the plain and ordinary…

Source…

Ransomware group claimed to have hit a New Jersey cardiology group. Did they?

/in


On September 2, the NoEscape ransomware group added Mulkay Cardiology Consultants to their leak site and claimed to have successfully encrypted them.

“We have 60GB of confidential and personal data on more than 30,000 patients, scans, doctor’s conclusions about patients and many other confidential information,” they claimed in their listing about the New Jersey medical practice.

Listing on NoEscape claims to have locked and exfiltrated 60 GB of files. Image: DataBreaches.net

DataBreaches checked Mulkay’s website at the time and found nothing amiss and no email address or contact form to use to contact them. DataBreaches reached out to NoEscape via their contact form to request some proof of claims, but received no reply.

On September 19, DataBreaches noticed that NoEscape had added a “DDoS” label to the Mulkay listing and to several other victims’ listings. Attempts to connect to Mulkay’s site returned a 508 error (resource limit reached).

On re-check today, Mulkay’s website is reachable, and there is no alert or notice on it to indicate any breach or issue.

Of note, the Mulkay listing on NoEscape’s leak site could not be found there today. DataBreaches sent an inquiry earlier today to NoEscape asking about its removal but received no reply.

Did Mulkay pay, or was the listing removed because they started to negotiate, or is there some other reason? DataBreaches will continue to try to find out about the alleged attack.

Source…