Summary:
In June, a ransomware attack on a UK company, Synnovis, a private firm that analyzes blood tests, "crippled services at two major National Health Service hospital trusts, Guy's and St. Thomas' and King's College." A week later, a spokesman described the situation as 'critical'. Hundreds of surgeries had been postponed, and the backlog of blood tests was large enough that medical students were asked to donate their time to helping.

Summary: A UK company Synnovis, which manages blood transfusions and blood testing services was disabled by a ransomware attack. "Ciaran Martin, a former head of British cybersecurity, told BBC Radio 4 on Wednesday that a Russian cybercriminal group known as Qilin was most likely behind the attack." The ransom demand is said to be $50M (according to a Techradar article.

Summary:
Not only did the ransomware attack on Synnovis disrupt health care at major hospitals, but it was also accompanied by the theft of 400GB of patient records.

Summary:
Kaspersky software has not been implicated in any nefarious activities, but the US government has long been uneasy about its popular system security product because the company's founder has ties to the Russian government (see this 2017 article in SC Media). In 2017 the US barred government agencies and their contractors from using its antivirus product. The other shoe has taken 7 years to drop, but the Department of Commerce, which was rumored to be poised to ban import and sales of Kaspersky products, did indeed proceed with that ban.

Today, the Department of Commerce's Bureau of Industry and Security (BIS) announced a Final Determination prohibiting Kaspersky Lab, Inc., the U.S. subsidiary of a Russia-based anti-virus software and cybersecurity company, from directly or indirectly providing anti-virus software and cybersecurity products or services in the United States or to U.S. persons. The prohibition also applies to Kaspersky Lab, Inc.'s affiliates, subsidiaries and parent companies (together with Kaspersky Lab, Inc., "Kaspersky").

Summary:

Summary:

Summary:

Summary:
CDK was in the process of restoring some of its systems when a second attack threw them into chaos again. They took systems offline and advised dealerships not to connect to their VPN until further notice. Pencil-and-paper workarounds used by some dealerships kept some operations going, but the inability to access previous transactions was a definite impediment.

Summary:
Somehow AT&T phone records from two years ago were illegally accessed. As a result, the phone call records, a year's worth, for their non-government customers were revealed. Although the information is "only" which phone numbers called which other phone numbers, the information could be mined to reveal contact patterns of interest to criminals, law enforcement, or plain old snoops. Some clever data analyst might be able to discover social connections that could be used for directed advertising, either commercial or political. However, AT&T believes that the data is not available to the public.

Summary:
AT&T reports that in April they learned that some customer data had been illegally downloaded from a cloud platform. One person was apprehended. The data probably remained with the perpetrators and is not publicly available.

Summary:
A botched update of a security app for Microsoft Windows caused disruption across many business sectors. Although only a percent of all Windows machines were affected, some of those were important to scheduling airline flights, for example. In the health sector, lives were on the line when hospitals, notably all Kaiser Permanente facilities, were unable to schedule surgeries (ER rooms remained open). Massachusetts General and Providence Health systems were also affected. The software in question is CrowdStrikes's Falcon system. The update invoked a fatal error that crashed the Windows OS. Although it looked liked a massive cyberattack, CrowdStrike explained that it was simply a bug, one that they were working on fixing.

Summary:

Summary:
About 700 Britons who ran Post Office stations were accused of misappropriating funds based on the accounting done by the software system, Horizon, that they were required to use. Even though that system was revealed as severely faulty, the victims of the unwarranted prosecution are still having trouble clearing their names.

The Post Office offered this statement: "We are deeply sorry for the pain which has been suffered by so many people, their families and friends throughout the Horizon IT scandal." The Post Office is working "as fast as we can" to financially redress the falsely accused postmasters.