posts
The Breach That Started With a Single Unpatched System In February 2024, UnitedHealth Group's subsidiary Change Healthcare suffered a ransomware attack that disrupted healthcare payment processing across the United States for weeks. The attackers gained access through a Citrix remote access portal that lacked multi-factor authentication. One system.
The SEC Made It Official — Your Board Can't Plead Ignorance Anymore In July 2023, the SEC finalized rules requiring publicly traded companies to disclose material cybersecurity incidents within four business days and to describe their board's oversight of cyber risk annually. That wasn't a
The $350 Million Acquisition That Fell Apart Over a Data Breach When Verizon moved to acquire Yahoo in 2017, the deal was nearly complete. Then Yahoo disclosed two massive data breaches affecting all three billion user accounts. Verizon knocked $350 million off the purchase price. That single failure in cybersecurity
The SolarWinds Wake-Up Call for Every Boardroom When the SolarWinds breach came to light in December 2020, it didn't just compromise 18,000 organizations including multiple U.S. federal agencies. It put a spotlight on something security professionals have been shouting about for years: boards of directors are
