Data breaches in the healthcare sector cost about $10.1 million - more than double the average cost of breaches across other industries - once again ranking the sector as having the most expensive data breaches, says Limor Kessem, principal consultant of cyber crisis management at IBM Security.
Zero trust is not a specific tool, but a concept that focuses security measures on devices and users rather than on the traditional network perimeter.
Ensuring the right people have the right access to the right information at the right time is crucial to mission security. In today’s work environment, users...
In the wake of rising geopolitical tensions, the threat of cyberattacks on agencies is becoming inevitable, forcing the federal landscape to rethink how it secures applications and data. To support this mission and create a more resilient cyber infrastructure, the Executive Order on Improving the Nation’s...
The Cybersecurity Executive Order requires every federal agency to adopt zero trust, and OMB published an updated Federal Zero Trust Strategy in Memorandum M-22-09. It outlines three Identity goals that every agency must achieve by the end of fiscal year 2024.
To accomplish this, M-22-09 requires every agency to: ...
A recent Securities and Exchange Commission filing by Tenet Healthcare, a major Dallas-based healthcare delivery organization, provides the latest public peek into the hefty impact a disruptive cyber incident can have on a healthcare entity's finances.
Federal regulators say credit unions should report cyber incidents within 72 hours, including those experienced by third-party vendors that process member data. Just five deposit, payment, and data processing service companies dominate the credit union market.
One Identity selected ex-LogRhythm CEO Mark Logan as its next leader and tasked him with standing the Quest subsidiary up as a stand-alone entity. The company offers identity governance, privileged access, identity management and Active Directory management solutions thanks to buying OneLogin.
Cybersecurity doesn’t have competitors, it has adversaries. They react to every defense we put in place and seek new ways to achieve their aims - whether they be cybercrime, espionage, or hacktivism. The attackers are innovative, and they share new ways to exploit any vulnerability, so defenders need to share...
Big, bad bugs - including the likes of Heartbleed, BlueKeep and Drupalgeddon - never seem to burn out. Instead, they just slowly fade away, despite the risk that attackers will successfully exploit them to steal data, seize control of systems or deploy ransomware.
Exploring new ways to offer security as a service from his organization to external customers is an exciting challenge and opportunity, says Sean Mack, CIO and CISO of publishing company Wiley. He also discusses aligning security investments with the company's biggest business risks and goals.
Three ISMG editors discuss important cybersecurity issues, including the sharp rise in Maui ransomware attacks, how the FBI seized cryptocurrency ransom payments worth $500,000 from North Korean attackers and advice for CISOs navigating the great zero trust debate.
It's been a year since President Biden's executive order that called out zero trust as a primary focus. Richard "Chit" Chitamitre of Corelight discusses the prevalent misunderstandings about zero trust, as well as use cases for how to embrace the framework and make measurable progress along the way.
In this...
Atlassian released a patch for a critical vulnerability in its workspace collaboration tool Confluence stemming from hard-coded credentials. The Australian company found no evidence of exploitation of the flaw that allows remote, unauthenticated attackers access to vulnerable servers.
The basic foundation of designing a reliable and dynamic cyber resilience program is to have an elaborate incident response plan that can take into account different cyberthreat scenarios and outcomes, says Singapore-based Christophe Barel, who is managing director for Asia-Pacific at FS-ISAC.
Vulnerabilities do not provide a comprehensive threat landscape but allow companies to feed their own risk analysis or an initial risk assessment. To provide insight into the threat landscape for ICS, Verve’s research team looked at updating the analytical comparison completed last year regarding the trend of ICS...
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing healthcareinfosecurity.com, you agree to our use of cookies.