Latest news with #datarecovery


The Independent
10-06-2025
- Health
- The Independent
Nottingham maternity scandal hospital data was 'maliciously' deleted, police say
A computer file containing the details of cases linked to the NHS's largest maternity scandal was 'intentionally' and 'maliciously' deleted, a police investigation has found.
Nottinghamshire Police launched a probe earlier this year after records held by Nottinghamshire University Hospitals Foundation Trust (NUH) and linked to the alleged maternity failings were temporarily lost. The data was later recovered and 300 more cases are expected to be added to the inquiry into the scandal after a discrepancy was noted by a coroner.
NUH is currently being investigated for potential corporate manslaughter after The Independent revealed babies had died or suffered serious injuries at its maternity units. The investigation into the deleted hospital data is not related to the corporate manslaughter probe.
The trust is also the subject of an inquiry led by top midwife Donna Ockenden, who is investigating the cases of 2,400 families who experienced maternity care at the trust, including deaths and injuries. Detectives launched a criminal investigation into Nottingham University Hospitals NHS Trust in September 2023 after concerns were raised about severe harm allegedly linked to the trust's maternity services.
In an email to the affected families, seen by The Independent, police said that the data loss was 'most likely to be the action of an individual who had knowledge of the existence and location of the material'. Police said they were satisfied the data was not lost due to 'systemic corruption' and said 'it is most likely to have been done intentionally/maliciously rather than accidentally'. But officers were unable to identify the individual responsible.
Families affected by the scandal told The Independent they would like to thank the police for their investigation. They said: 'We are distressed that they were unable to find who did this. We are appalled to hear this news, though sadly we are not surprised.'
'To know it is most likely an individual who most likely intentionally/maliciously deleted files of such importance is of grave concern. As families, we all gave our trust to NUH staff in our most vulnerable state of life and we deserved better.
'To know that there is most likely an individual who is capable of such behaviour is devastating for the already harmed and for the future of NUH safety. We call for openness at the worrying time and for the individual, their colleagues or anyone who knows anything about this to come forwards as a matter of urgency. This is a patient safety emergency.'
In 2020, an exposé by The Independent found evidence of repeated poor care, spanning a decade at the NUH, with families accusing the hospital of covering up what happened to them. The investigation, conducted jointly with Channel 4, found 46 cases of babies who had been left with permanent brain damage, 19 stillbirths and 15 deaths. Several families and staff came forward to The Independent with stories of failings by the trust. A major review was commissioned in July 2020, but was soon superseded by Ms Ockenden's independent review.
Commenting on the data loss investigation, Temporary Deputy Chief Constable Rob Griffin said: 'Following consultation with HM Coroner and the Donna Ockenden review, a difference in the number of referred cases was identified. With the agreement of all involved, NUH appointed someone to review some of these cases.
'That person created a digital file in relation to their work. Along the journey, that file was found to have been deleted and NUH alerted Nottinghamshire Police to this fact.
'The file was recovered and provided to Nottinghamshire Police and a meticulous investigation has taken place.
'This has been completed by our cyber and digital teams, and although evidence suggested that this was more likely to have been deleted through an intentional individual action, we have not been able to identify a person responsible for this.'
NUH was approached for comment.
Yahoo
08-06-2025
- Yahoo
In wake of Good Friday cyberattack, city of Abilene replacing all desktops, laptops
The city of Abilene is still in recovery mode after a cyberattack from foreign hackers was discovered over six weeks ago, city officials said in a statement Monday. Recovery efforts mean replacing the city's network infrastructure including all desktops and laptops.
Hackers encrypted and deleted city data in the ransomware attack, demanding the city ante up to get its information back, according to the statement. The city has no intention of paying a ransom.
On April 18, city officials detected that city servers were unresponsive and began investigating the outage, city officials said in the statement. After the city's information technology department determined a foreign actor had compromised the city computer systems, the full network was shut down around 7 a.m. April 18 to prevent any further intrusion or data loss, the statement said.
"They encrypted data and deleted data off our servers," Troy Swanson, IT director, said. Swanson said the hacking group compromised the city's network and accessed administrative credentials. They also attempted to uninstall antivirus software and remove other protective measures.
The city was given a deadline of May 27 to pay a ransom to restore the stolen data, an estimated 477 gigabytes. According to the statement, 477 gigabytes is equivalent to around 238.5 million pages of PDFs or 48 hours of 4K streaming on Netflix.
An article noted that Russia-based ransomware group Qilin claimed responsibility for the cyberattack, the Abilene Reporter-News reported May 20. Qilin "runs a ransomware-as-a-service business in which affiliates pay to use Qilin's malware to launch attacks and collect ransoms," the May 19 Comparitech article said.
In city officials' statement Monday, they stated communication was made with the suspect hacking group claiming responsibility to understand the nature of the information taken. The city statement did not name Qilin. City officials determined they will not aid or abet the perpetrators otherwise and will not pay the ransom, the statement said. The city statement on Monday did not state the dollar amount of the ransom the hackers sought.
"I was involved in the acquisition of our cyber insurance because of my role in overseeing risk management," Mike Perry, director of the city's office of professional standards, said. "Fortunately for us, we increased our insurance coverage last year."
Perry has assisted in the investigation with his background in law enforcement and in his role as a city administrator to work with the cybersecurity team hired by the city's insurance company to mitigate damage and help with recovery efforts, the statement said.
When threat actors attack a network, Perry said they encrypt data so it's hidden from the entity it belongs to. Then perpetrators ask for a ransom to unencrypt and recover the data. While the data may be valuable, "we're also not going to bow down to a criminal organization" as there is no guarantee the data will be recovered or not sold on the "Dark Web," said Perry, who was an Abilene assistant chief of police for 12 years.
As of May 28, there have been no indications Abilene's information has been misused or residents' information has been used or released, Perry said. He said the amount of data taken appears to be relatively small compared to the city's total storage capacity.
"We're currently in this pattern of waiting to see if and when they're going to publish the data," Perry said. "There's not a lot more dialogue to be had because we've told them we're not going to pay the ransom."
The investigation is ongoing and the exact information taken by the hackers is unclear, Perry said. City employees and Abilene residents are asked to actively monitor their credit card and other accounts for data breaches and to report anything suspicious, the statement said.
As network functionality is restored, the city will release periodic updates until all functions and points of access are fully operational, the city statement said. Information will be released by the city as needed and with limits to ensure the ongoing investigation is not compromised, the city statement said.
Swanson said staff are in the process of replacing all network infrastructure, including servers, storage, phones, desktops and laptops. They were able to restore core services quickly after the attack. "By doing so, we will create a new cyber secure environment that we can assure is set up for the future and not able to be compromised," he said.
The main push has been to supply city employees with desktops and laptops so they can perform their functions, Swanson said. There have been interim measures taken so employees can perform work, he said. While there still will be hurdles to overcome, residents and employees should expect the majority of day-to-day functionality to be restored soon, he said. The city hopes to be fully functioning in a few months, Swanson said.
Citing the cyber attack discovered April 18, the city of Abilene filed a catastrophe notice and then an extension to enable it to temporarily suspend the requirement to provide public information under state law, according to a Texas Attorney General's Office database. In total, local officials tapped into a state measure allowing the city to forgo responding to citizens' open records requests from April 22 through May 5, according to an April 29 report from ARN.
Cyberattacks are an ongoing threat in the digital landscape and have become a new type of emergency which organizations must endure, Swanson said. Cities and municipalities recently affected by cyberattacks include the Texas cities of Mission, Richardson and Killeen, city officials said. Other cities targeted by cyber attacks include Baltimore, Maryland; Cleveland, Ohio; White Lake Township, Michigan; Arkansas City, Kansas; and El Cerrito, California, city officials said.
This article originally appeared on Abilene Reporter-News: City of Abilene in full network shutdown after cyber attack, ransom demand


Forbes
06-06-2025
- Business
- Forbes
Beyond Backups: A Practical Guide To Data Recovery
Chongwei Chen is the President & CEO of DataNumen, a global data recovery leader with solutions trusted by Fortune 500 companies worldwide.
As a data-recovery expert with 24 years of experience, I have witnessed countless examples of companies facing catastrophic consequences when faced with data loss. Take, for example, a mid-sized manufacturing company I worked with that could not access its production database due to a hardware failure. Although they had regular backups, the latest incremental backup file was also corrupted. Because of these issues, they had to pause production for several weeks, causing losses of about $1.2 million.
Unfortunately, this company's experience isn't unique. A 2022 Arcserve study found that 76% of businesses lost mission-critical company data. Verizon research supports this, concluding that small instances of data loss cost businesses between $18,000 and $36,000, while large-scale incidents can cost up to $15.6 million. The stakes are so high that, according to the University of Texas, 94% of companies facing catastrophic data loss don't survive—43% never reopen, and 51% shut down within two years.
Given these risks, understanding how to recover data is critical. Let's look at common storage methods and recovery techniques that organizations should be familiar with.
In modern computers, data is generally stored logically as files, which are managed by a file system. Companies typically use two types of infrastructures to store data:
• On-Premises: This includes traditional hard drives, USB flash drives, SD cards, CDs, DVDs, etc.
• Cloud: Today, over 60% of all corporate data is stored in the cloud, according to G2 research, which includes Google Drive, Amazon S3 Storage, Microsoft OneDrive and so on.
While human error is the leading cause of data loss, other causes include hardware failure, theft, software corruption, viruses, natural disasters and power failure.
Data recovery is closely linked to the storage methods used to preserve the data, and the recovery techniques can generally be classified into these two categories:
This method is geared toward hardware failures in storage devices, and it focuses on using the most advanced hardware technologies to:
• Replace damaged interfaces, circuit boards or write heads.
• Use specialized devices or environments to extract data.
This recovery method uses an advanced software algorithm. There are two sub-categories:
• Raw-Level Recovery: Generally deployed when the target files are lost due to issues like accidental deletion or reformatting the disk by mistake, the data-recovery software scans the raw disk or drive and recovers the files. In general, this software will support multiple file types.
• File-Level Recovery: This method is used when target files exist but cannot be opened by the necessary application due to file corruption. Normally, for each file format, there will be a dedicated tool from the designer of the file format to check the integrity of the file and fix errors in it. For example, for an Outlook PST file, Microsoft provides an Inbox Repair Tool that can scan and fix errors in the PST file. For a SQL Server database file, a SQL command—DBCC CHECKDB—can check the integrity of a database and fix it if necessary.
The two above classifications are not absolute. In real-world practice, multiple techniques may be required. For example, consider a situation where a criminal deleted a database containing financial data from a hard drive and then used software to overwrite the entire hard drive. Start by using a hardware method to recover most of the raw data from the drive. Then, apply raw-level recovery software to scan and extract the database file. If the recovered file still isn't recognized by SQL Server, use the DBCC CHECKDB command to attempt a repair, hopefully recovering most of the financial records from the database.
These techniques can also be very flexible, and the techniques in one category can often be applied to another category to obtain better recovery results or lower the cost. For example, some file-level recovery software can also recover data from the hard drive directly if no files are available, which will normally offer a better recovery rate than using a raw-level recovery tool first and then a file-level recovery tool second. Some raw-level recovery software can also recover files with hardware issues, such as bad sectors, which will lower the cost because this method does not require specialized hardware devices.
Data loss is often unavoidable, but it doesn't have to be a disaster if organizations familiarize themselves with the proper planning and techniques. To minimize the impact of data loss and ensure a swift recovery, organizations should follow a few essential best practices:
• Prevention is the most important. Design a comprehensive business continuity plan, including a regular backup strategy and an incident response plan. Implement this plan strictly.
• Act quickly after a disaster. Once you know there has been data loss, respond quickly, ideally within 48 hours of the incident.
• Get professional help. For complex cases, seek professional help from data-recovery experts; they have likely seen the issues you're facing before, and they can help design the best recovery strategy.
• Implement post-recovery review. After the incident, update the continuity plan and backup strategy based on the findings to reduce the likelihood of future incidents.
With these best practices and by responding strategically, companies can often turn a data-loss incident from a crisis into a manageable challenge.


Associated Press
27-05-2025
- Business
- Associated Press
Elastio and Advance2000 Partner to Launch Ransomware Recovery Assurance Platform
BOSTON--(BUSINESS WIRE)--May 27, 2025-- Elastio, the leading ransomware recovery assurance platform, announced a strategic partnership with Advance2000 (A2K), a premier provider of private cloud infrastructure and managed IT services. This collaboration introduces the Advance2000 Ransomware Recovery Assurance Platform, a comprehensive solution powered by the Elastio Platform and integrated with Veeam in A2K's secure cloud environment.
Designed to enhance business continuity and cyber resilience, this new platform empowers A2K customers to detect ransomware encryption and data corruption in backup data. By combining Elastio's intelligent scanning capabilities with A2K's high-performance private cloud, clients gain confidence that their restore points are clean, validated, and safe.
'Advance2000 has built a trusted reputation as a secure cloud provider for industries where uptime, compliance, and data protection are paramount,' said Christopher Sauer, Global Vice President of Strategic Alliances at Elastio. 'By integrating Elastio into their Veeam-based backup service, A2K is delivering a critical layer of ransomware recovery assurance—giving customers confidence that they can bounce back from ransomware events cleanly, quickly, and securely with uncompromised data.'
Closing the Gaps in Traditional Backup and Recovery
Ransomware continues to evolve—modern tactics often infiltrate quietly, encrypting data slowly over weeks or months to evade detection and ensure compromised files get backed up. When organizations try to recover, they risk restoring tainted data, leaving them uncertain, scrambling to find a clean backup, and more vulnerable to ransom demands.
The Advance2000 Ransomware Recovery Assurance Platform addresses this risk head-on with advanced features including:
'Today's cyber threats require more than just backups — they demand assurance,' said Brian Maouad, CEO of Advance2000.
'Our partnership with Elastio reinforces our commitment to providing resilient, secure, and high-performing private cloud solutions. The Advance2000 Ransomware Recovery Assurance Platform enables us to protect our clients from the growing ransomware threat and deliver recovery outcomes they can trust.'
This partnership underscores a shared mission to redefine how organizations approach ransomware recovery. By uniting A2K's vertically integrated private cloud infrastructure with Elastio's industry-leading recovery assurance platform, customers can reduce recovery times, safeguard compliance, and achieve greater cyber resilience.
About Advance2000
Advance2000 is a privately held IT and Cloud Service Provider delivering secure, high-performance private cloud and managed IT services across the Architecture, Engineering, Construction (AEC), Legal, Education, and Healthcare sectors. With a nationwide presence and 24/7 support, Advance2000 provides vertically integrated cloud solutions that offer unmatched performance, security, and reliability.
About Elastio
Elastio is the leader in ransomware recovery assurance. The Elastio Platform proactively validates backup and replication data for encryption, corruption, and threats, bridging the gap between security tools and backup systems. By ensuring clean and uncompromised recovery points, Elastio enables organizations to recover quickly and confidently from zero-day ransomware attacks.


Geeky Gadgets
27-05-2025
- Business
- Geeky Gadgets
Choose Secure Data Erasure Over Factory Reset for Mac
Apple Silicon and Intel-based Macs have an option to be reset to factory settings. Once the Mac device is reset, all the applications and saved personal data are removed, and the device is restored to factory settings. This hard reset frees up storage space, deleting stored data and thereby increasing its processing speed.
Several areas on the disk store data such as user credentials, built-in app data, backup information, etc., that are inaccessible to the user, operating system, BIOS, or UEFI. Existing in different forms, such as Host Protected Area (HPA), Disk Configuration Overlay (DCO), or Accessible Max Address (AMA), these hidden disk areas mainly contain disk utilities for the device to function smoothly. It is of utmost importance that data from these disk zones be erased to prevent data leakage. However, a factory reset is incapable of fulfilling this purpose.
The Hidden Risks: Recoverable Data Post Factory Reset
A factory reset only removes the pointers to the file system, removing only access to the data and not the data itself. In most cases, the actual contents of the Mac drive still reside on the Mac and are recoverable using freely available Mac data recovery software or through forensic in-lab services. The data traces left behind after a factory reset can comprise Personally Identifiable Information (PII), Protected Health Information (PHI), credit card information, etc., which, if leaked, can ruin decades of reputation for a business in seconds, and this is just the beginning.
Data protection laws and regulations like EU-GDPR, HIPAA, CCPA, GLBA, etc., require businesses to erase personal data collected for processing after the retention period is over, the purpose has been served, or the individual has requested the removal of their data. Data removal has to be permanent beyond recovery from the entire Mac device, including inaccessible disk zones HPA, DCO, and other remapped sectors. Contrary to popular belief, a factory reset does not meet the secure erase requirements such as those needed by NIST 800-88, DoD 5220.22 M, or other regulatory guidelines.
On Mac devices with SSDs, data is stored in memory blocks that also have the TRIM command enabled. While TRIM helps optimize the performance of SSDs, there is no way to ensure that the data has been permanently erased, as the TRIM command can be disabled by individuals, either intentionally or due to system configurations. Further, laws also mandate a proof of data destruction to be maintained by the organization in the form of a report or certificate of destruction.
A software-based data erasure tool is highly recommended if the Mac devices are in a functional state and the business intends to reuse them; however, if the device is non-functional and cannot be repaired, then the device must be destroyed using physical destruction methods.
The Real World Impact: When Factory Reset Fails
Consider an organization that has no policies or mechanisms in place for data destruction. For reusing, repurposing, reselling, or donating their end-of-life devices, including Mac devices, the organization performs a factory reset on all the functional devices. These reset devices are either handed over to their new owners or discarded. Since the business-critical information still remains on these devices, the threat to data privacy lingers continually. The sensitive information can be recovered from all these devices using forensic tools or data recovery software, which can then be misused or can result in a data breach episode.
The 2016 Morgan Stanley data breach case is one such example where confidential data, such as social security numbers, passports, and credit card information, was recovered from decommissioned IT assets. Not only were these IT assets not properly erased, they were also resold to a third party without sanitization verification. This unauthorized access to personal data brought the organization penalties close to USD 100 million imposed by authorities, including the Office of the Comptroller of the Currency (OCC) and Securities and Exchange Commission (SEC), over a span of more than 5 years. One data breach caused Morgan Stanley operational downtime, penalties, and loss of customer trust.
The Secure Solution: Software-Based Data Erasure
Organizations must devise data destruction policies, including data retention guidelines, to ensure secure erasure is performed periodically without any scope for gaps in the process. The policies should also include guidelines on how data of varying sensitivity should be securely erased from different Mac devices and what tool should be used to perform secure data erasure. For example, the Mac devices containing data related to intellectual property or financial information that is critical must be sanitized using a certified data erasure tool like BitRaser before Mac devices are reallocated or refurbished.
A software-based data erasure tool applies international data erasure algorithms like NIST 800-88 Clear, NIST 800-88 Purge, and DoD 5220.22 M (3 pass). It permanently erases data from all devices, including Macs, with erasure from inaccessible hidden disk areas. It also generates immutable erasure reports and a certificate of data destruction, which assist in complying with the governing data protection laws and regulations.
Resetting Isn't Enough, Erasure is Essential
Organizations have always been proactive in adapting to modern-day technology to gain more profits, gain a competitive edge, and establish their brand as progressive. However, many lag in assimilating this strategy when it comes to policy implementation in terms of data destruction. The risk of a data breach looms over every business today, whether it is a startup or an enterprise. According to IBM's Cost of a Data Breach Report 2024, an average data breach costs USD 4.88 million. This cost is 10% higher than that mentioned in the IBM 2023 report. Clearly, there is a dire need for organizations to prevent data breaches by including secure data erasure as one of their cybersecurity strategies.
To prevent this risk from turning into a tragic event, businesses must leverage data erasure programs to destroy data on their Mac devices, comply with the requirements of data protection laws, and build trust with their customers. Compliance is no longer optional, and a factory reset is not compliant.