Articles, by our experts

Unpacking compliance, security and AI.

Our DPOs and CISOs regularly share their take on regulatory and technical news here: new CNPD guidelines, notable sanctions, incident lessons learned, evolutions on the AI Act, NIS 2 and DORA. To go beyond the press release.

15 articles found · #ransomware

Lithuania: €450,000 GDPR fine for lack of MFA at InMedica

Lithuania’s DPA fined InMedica €450,000 over two incidents (2024 breach, 2025 ransomware), citing lack of MFA and poor access controls under GDPR Articles 5(1)(f), 24(1) and 32(1)(b).

CSSF 26/906: governance and DORA-grade immutable backups by June 30

CSSF 26/906 requires PSPs/EMIs to reassess governance and risk management by 30 June 2026. Immutable, isolated backups are the DORA-proof of ransomware resilience.

Clinical Diagnostics (NL): gynecological records leak — GDPR-aligned DLP

After the massive leak at Clinical Diagnostics, a modern DLP aligned with GDPR (Art. 32 and 44–49) reduces exfiltration and provides the evidence authorities expect.

ENISA 2026: Separate, tested backups aligned with DORA

ENISA updates its SME guide: backups separated from production, encrypted and end-to-end tested. How immutable, isolated vaults meet DORA Art. 12 and thwart ransomware.

Foxconn hit by Nitrogen: 8 TB stolen — PAM becomes non-negotiable

On 13/05/2026, Foxconn confirmed an attack claimed by Nitrogen: 8 TB and 11M+ files stolen, with slowdowns at North American plants. A zero-trust PAM meets NIS 2 art. 21 and severs admin access that enables such attacks.

RUAG pays a ransom to Akira: red alert for executive boards

On 6 June 2026, RUAG confirmed it paid a ransom to the Akira gang after its US subsidiary was hit. A rare admission that quantifies ransomware’s economic impact: paying, even a “small amount,” to retrieve data.

Qilin exploits a Check Point zero-day: VPNs breached, patch within 72h

A critical zero-day (CVE‑2026‑50751) in Check Point VPNs is being actively exploited by Qilin. CISA mandates a fix by June 11, 2026. Luxembourg NIS 2 entities must check IKEv1, patch, and notify via SERIMA if an incident occurs.

Unimed (DE): 72,000+ patient files stolen — DLP, Article 32 and GDPR transfers

In mid‑April 2026, outsourcer Unimed had 72,000+ patient records stolen. Here is a concrete DLP stack to prevent exfiltration and demonstrate compliance with GDPR Article 32 and cross‑border transfers (Arts. 44‑49).

West Pharmaceutical (4 May 2026): why immutable, isolated backups are vital (DORA)

On 4 May 2026, West Pharmaceutical suffered a ransomware attack with data theft and encryption, halting manufacturing and shipping. Here is the backup architecture that prevents prolonged outages and meets DORA.

ENISA 2026: Exercise Methodology to Operationalize DORA Article 24

ENISA releases a cybersecurity exercise methodology with ready-to-use kits. In practice: DORA Article 24–aligned tabletop tests to speed decision-making and reduce ransomware impact.

ChipSoft ransomware: why immutable, isolated backups are non-negotiable

The ChipSoft (HiX) attack disrupted hospital services and exposed data. Here’s how immutable backups and an isolated backup network meet DORA/NIS 2 and prevent prolonged outages.

AZ Monica crippled by ransomware: why immutable backups matter

Belgium’s AZ Monica hospital shut down its servers after a cyberattack. Here’s how immutable, isolated backups enable fast recovery aligned with DORA/NIS 2.

Page 1 / 2 Older →