Attorneys Robert Stankey (left) and Adam Greene of the law firm Davis Wright Tremaine

GDPR Compliance for US Healthcare: What You Need to Know

Marianne Kolbasuk McGee • May 21, 2018

Strict HIPAA compliance is a great preparation for compliance with the European Union's General Data Protection Regulation, which will be enforced starting May 25, according to attorneys Robert Stankey and Adam Greene, who provide compliance insights in an in-depth interview.

Data Breach

Report: Facebook App Exposed 3 Million More Users' Data

Latest

Cybercrime

DDoS Attacker Receives 15-Year Sentence

Mathew J. Schwartz • May 21, 2018

John Gammell of New Mexico has been sentenced to serve 15 years in prison for launching DDoS attacks against prior employers and business competitors, as well as for being a convicted felon in possession of firearms.

Governance

Websites Still Under Siege After 'Drupalgeddon' Redux

Jeremy Kirk • May 21, 2018

Patching a content management system has never been a straightforward affair, and the carnage from back-to-back critical vulnerabilities in the Drupal CMS continues to play out. Unpatched, hacked Drupal sites are delivering virtual currency miners, and in some cases malware.

Privacy

FCC to Investigate US Mobile Phone Location-Revealing Flaw

Mathew J. Schwartz • May 21, 2018

Following the disclosure of a flaw in the website of LocationSmart that could have been easily exploited to track the location of cellular phone users throughout the U.S. in real time, the Federal Communications Commission has referred the matter to its enforcement bureau for investigation.

Cybercrime

Nonstop Breaches Fuel Spike in Synthetic Identity Fraud

Mathew J. Schwartz • May 18, 2018

Leading the latest edition of the ISMG Security Report: Years of massive data breaches have fueled an increase in synthetic identity fraud, in which fraudsters combine real and bogus details to create more effective fake identities. Plus, has "The Dark Overlord" hacking group finally met its match?

Data Breach

US Government Plans to Indict Alleged CIA Leaker

Jeremy Kirk • May 16, 2018

A former CIA software engineer who is facing child pornography charges is a possible suspect in the largest-ever leak of classified information from the spy agency. While Joshua A. Schulte has not been charged with the leak, prosecutors have indicated they will soon indict him.

Breach Notification

Nuance Communications Breach Affected 45,000 Patients

Jeremy Kirk • May 14, 2018

Speech recognition software vendor Nuance Communications says an unauthorized third party accessed one of its medical transcription platforms, exposing records for 45,000 people. The company has blamed the breach on a former employee, who accessed personal data from several of Nuance's clients.

Encryption

Uninstall or Disable PGP Tools, Security Researchers Warn

Mathew J. Schwartz • May 14, 2018

European computer security researchers say they have discovered vulnerabilities that relate to two techniques used to encrypt emails: PGP and S/MIME. Security experts recommend all PGP users immediately delete or disable their PGP tools, pending a full fix.

Fraud

Sizing Up the Impact of Synthetic Identity Fraud

Nick Holland • May 14, 2018

Credit card losses due to synthetic identity fraud exceeded $800 million in the U.S. last year, says Julie Conroy of Aite Group, who analyzes the evolving threat and offers mitigation insights.

Encryption

Crypto Fight: US Lawmakers Seek Freedom From Backdoors

Jeremy Kirk • May 11, 2018

A bipartisan group of U.S. lawmakers has reintroduced legislation in the House that would stop the government from forcing software vendors to intentionally weaken their products for surveillance purposes. Two prior attempts to enact the legislation in Congress have failed.

Big Data

'All of Us' Research Project: The Privacy Risks

Marianne Kolbasuk McGee • May 11, 2018

Although the National Institutes of Health is implementing strong privacy measures as it begins its effort to enroll 1 million volunteers to contribute data to its "All of Us" precision medicine research project, there are still risks involved, says privacy attorney Kirk Nahra.

Cybercrime

Real-Time Payment Networks Face Off Against Fraudsters

Mathew J. Schwartz • May 11, 2018

With the rise of P2P payment networks and the U.S. working toward a real-time national payments network, the push is on to battle fraudsters. Also, attackers are hacking legitimate websites to more stealthily distribute "Gandcrab" crypto-locking ransomware.

Fraud Management & Cybercrime

Crabby Ransomware Nests in Compromised Websites

Jeremy Kirk • May 10, 2018

The Gandcrab ransomware has been a moving target. Since it was discovered in January, it quickly became one of the most widely distributed file-encrypting malware programs. Researchers with Cisco say they've now found it seeded within legitimate websites, making its spread tougher to stop.