The ransomware attack that targeted Colonial Pipeline Co. in May compromised the personal information of more than 5,800 individuals, mainly current and former employees, according to a breach notification letter.
Multi-factor authentication (MFA) requires the user to provide two or more verification factors to gain access to a resource such as an application, an online account, or a virtual private network (VPN). It is a core component of a strong identity and access management policy.
Download this whitepaper for...
A Houston-based gastroenterology practice notified all 162,000 of its patients and employees that their information had potentially been compromised in a January ransomware incident, saying it would have been too costly and time-consuming to pinpoint which individuals had data exposed. Was that the right move?
Two more healthcare delivery systems - Sanford Health and Eskenazi Health - are recovering from cyberattacks - both apparently involving ransomware - that are causing disruptions in service.
A Gartner study estimated that 1 in 3 security breaches will come via shadow IT. Shadow IT resources, which are typically in the cloud, are often purchased and used outside IT procurement and support policies. They create double trouble, bloating overall spend and leaving you vulnerable to cyberattacks or data loss....
In the wake of a recent cyberattack on UF Health Central Florida that disrupted access to patients' electronic health records for about a month during recovery, the entity is now reporting the incident also exposed patient information.
What do Facebook, Twitter, and GitHub all have in common? Each had a data exposure incident in recent years in which, even though they had locked down their data stores, credentials leaked into their log files, creating painful, public security incidents. Modern software development practices, from microservices to CI/CD, make it...
Several recent health data breaches involving vendors - including more reports related to the Accellion file transfer appliance hack - show that managing vendor security risks remains a difficult ongoing challenge in the healthcare sector.
An Orlando-based family physicians' practice is notifying nearly 450,000 patients, employees and others about a phishing incident tied to a financial fraud attempt.
UC San Diego Health says a phishing incident led to unauthorized access to an undisclosed amount of information on patients, employees and students for at least four months.
A phishing campaign targeting a company that administers student health plans demonstrates the regulatory issues that arise when the personal information of students is compromised. That's because it's unclear whether HIPAA or the Family Educational Rights and Privacy Act may apply.
Another lawsuit seeking class action status was filed last week against San Antonio-based NEC Networks - which does business as CaptureRx - in the aftermath of a hacking incident that now appears to have affected several dozen of the vendor's healthcare clients and at least 2.4 million individuals.
This edition of the ISMG Security Report features an analysis of ongoing investigations into the use of NSO Group's Pegasus spyware to spy on dissidents, journalists, political rivals, business leaders and even heads of state - and discussion of whether the commercial spyware business model should be banned.
A bipartisan group of senators introduced a federal breach notification bill Wednesday that would require federal agencies, federal contractors and organizations that are considered critical to U.S. national security to report security incidents to CISA within 24 hours of discovery.
The number of U.S. healthcare entities affected by a recent cyber incident targeting a Sweden-based provider of oncology radiation systems and related services is growing. Some security experts say this points to the additional risks offshore business associates can pose to their clients.