Sign up to save your podcasts
Or
Share TSYS Ransomware Attack, Canvas Data Breach & HIPAA Security Failures Explained
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
TSYS Ransomware Attack, Canvas Data Breach & HIPAA Security Failures Explained
A major U.S. payment processor just got hit by ransomware, again. TSYS, one of the largest payment processors in the country, has been attacked by the Everest ransomware group for the second time in five years. Industry experts warned this was coming. It happened anyway. At the same time, ShinyHunters claims it stole 275 million records from Instructure, the company behind Canvas, the learning platform used by over 9,000 schools. Names, student IDs, and billions of private messages between students and teachers are now at risk. And in healthcare, regulators just fined four companies $1.165 million for ransomware-related failures, not because they were hacked, but because they ignored basic security requirements that have been in place since 2003. In one case, attackers sat inside a network for 16 months undetected. These aren't advanced attacks. These are failures to do the fundamentals. This Week's Cybersecurity Breakdown 1. TSYS Ransomware Attack (Everest Group) A repeat breach at a major payment processor: Systems encrypted and data exfiltrated Second major incident in five years Also impacts Fiserv Raises serious questions about systemic risk in payment infrastructure 2. Instructure / Canvas Data Breach (ShinyHunters) Massive education sector exposure: 275 million records allegedly stolen Student data, IDs, and private communications compromised Root cause: Salesforce misconfiguration Potential impact across 9,000+ schools 3. HHS HIPAA Fines for Ransomware Failures Regulatory enforcement is accelerating: $1.165 million in fines across four companies Failure to complete required security risk assessments One breach went undetected for 16 months OCR has now completed 19 ransomware investigations with the same pattern The Bottom Line These attacks aren't breaking through defenses. They're walking through doors that were never closed. Misconfigurations Missing risk assessments Known vulnerabilities left unpatched This isn't a technology problem. It's an execution problem. Support the show: buymeacoffee.com/securitysquawk Subscribe for weekly breakdowns of real-world cyber threats, ransomware attacks, and executive-level security insights.
View all episodes
By Bryan Hornung Reginald Andre & Randy Bryan
5
55 ratings
A major U.S. payment processor just got hit by ransomware, again. TSYS, one of the largest payment processors in the country, has been attacked by the Everest ransomware group for the second time in five years. Industry experts warned this was coming. It happened anyway. At the same time, ShinyHunters claims it stole 275 million records from Instructure, the company behind Canvas, the learning platform used by over 9,000 schools. Names, student IDs, and billions of private messages between students and teachers are now at risk. And in healthcare, regulators just fined four companies $1.165 million for ransomware-related failures, not because they were hacked, but because they ignored basic security requirements that have been in place since 2003. In one case, attackers sat inside a network for 16 months undetected. These aren't advanced attacks. These are failures to do the fundamentals. This Week's Cybersecurity Breakdown 1. TSYS Ransomware Attack (Everest Group) A repeat breach at a major payment processor: Systems encrypted and data exfiltrated Second major incident in five years Also impacts Fiserv Raises serious questions about systemic risk in payment infrastructure 2. Instructure / Canvas Data Breach (ShinyHunters) Massive education sector exposure: 275 million records allegedly stolen Student data, IDs, and private communications compromised Root cause: Salesforce misconfiguration Potential impact across 9,000+ schools 3. HHS HIPAA Fines for Ransomware Failures Regulatory enforcement is accelerating: $1.165 million in fines across four companies Failure to complete required security risk assessments One breach went undetected for 16 months OCR has now completed 19 ransomware investigations with the same pattern The Bottom Line These attacks aren't breaking through defenses. They're walking through doors that were never closed. Misconfigurations Missing risk assessments Known vulnerabilities left unpatched This isn't a technology problem. It's an execution problem. Support the show: buymeacoffee.com/securitysquawk Subscribe for weekly breakdowns of real-world cyber threats, ransomware attacks, and executive-level security insights.