Banner Ocotillo Medical Center in Chandler, Arizona, is one of 30 hospitals Banner Health operates in six states. (Image: Banner Health)

Feds Smack Banner Health With $1.25 Million Fine in Breach

Marianne Kolbasuk McGee • February 2, 2023

Federal regulators hit Banner Health, which operates hospitals and other care facilities in multiple states, with a $1.25 million HIPAA settlement in the wake of a 2016 hacking incident that affected nearly 3 million individuals. Banner Health will also implement a corrective action plan.

►

Healthcare

FBI Seizes Hive Ransomware Servers in Multinational Takedown

Latest

Application Security

Checkmarx CEO on Bringing Application, API Security Together

Michael Novinson • February 2, 2023

Organizations have struggled to understand why APIs are so strategic even though they're an intrinsic way businesses interface with their software, according to Checkmarx CEO Emmanuel Benzaquen. He says API abuse is slated to become one of the most common types of web application data breaches.

Next-Generation Technologies & Secure Development

Splunk CEO on Enriching the SIEM With UEBA and Threat Intel

Michael Novinson • February 2, 2023

Splunk has infused its SIEM with user behavior analytics and threat intelligence to better identify anomalies and understand what's going on in a customer's environment, says CEO Gary Steele. Adding UEBA to the SIEM makes it easier for organizations to identify, detect and remediate anomalies.

Cloud Security

Lacework CEO on How to Prioritize Cloud Infrastructure Risks

Michael Novinson • February 2, 2023

Lacework has debuted an attack path analysis tool to help organizations understand the havoc specific threats could wreak within their cloud infrastructure, says CEO Jay Parikh. The company helps customers prioritize which risk elements inside their infrastructure should be addressed first.

Cybercrime

'No Pineapple' Hacking Campaign Reveals North Korean Toolkit

Jayant Chakravarti • February 2, 2023

Researchers from cybersecurity firm WithSecure say they spotted a North Korean espionage campaign they dub "No Pineapple" that reveals a slew of tools in the Pyongyang hacking arsenal. They're confident the hackers were North Korean: One hacker connected to an infected server using a DPRK address.

Governance & Risk Management

The Troublemaker CISO: Defending Against Insider Threat

CyberEdBoard • February 2, 2023

Open XDR

Bitdefender CEO Florin Talpes on Bringing XDR to the Masses

Michael Novinson • February 1, 2023

Incumbent XDR platforms target large enterprises with access to a full security operations center, threat hunters and incident response teams, says Bitdefender CEO Florin Talpes. But firms looking to successfully serve the SMB market need to modify their XDR tools to address the skills shortage.

Fraud Management & Cybercrime

Skyrocketing Cyber Insurance Premium Growth May Slow

Akshaya Asokan , David Perera • January 31, 2023

Premiums for cyber insurance have climbed sharply along with global rates of ransomware. But signs of increased competition and capital inflows suggest the cyber insurance market may be softening, Marsh executive Sarah Stephens told a U.K. parliamentary committee.

Endpoint Security

Trellix CEO on Unifying Endpoint, SecOps and Data Protection

Michael Novinson • January 31, 2023

Trellix will debut a console that offers endpoint, security operations and data protection capabilities and a plug-in for network detection and response. The company has moved FireEye's best-in-class detection engines to the cloud for NDR and examined how to address areas such as packet capture.

Business Email Compromise (BEC)

Microsoft-Verified OAuth Apps Used to Infiltrate Inboxes

Prajeet Nair • January 31, 2023

Cybercriminals exploited the verification process for Microsoft-certified authentication apps to obtain access to the inboxes of financial and marketing companies. Among the permissions threat actors sought were access to emails and calendars, says cybersecurity firm Proofpoint.

Governance & Risk Management

Juniper Exec Samantha Madrid on Pursuing Single-Vendor SASE

Michael Novinson • January 31, 2023

Juniper Networks has debuted security service edge capabilities that help clients consistently apply zero trust policies in the cloud regardless of the user or device. Juniper takes the policies customers already use within their network and converts them to cloud-delivered policies with one click.

Application Security

Snyk CEO Peter McKay on Making Defense Easier for Developers

Michael Novinson • January 31, 2023

The nearly $200 million it raised in December will allow Snyk to consolidate the developer security market through organic investment and M&A, says CEO Peter McKay. Snyk has focused on bringing open-source security, container security, infrastructure- as-code security and cloud security together.

Breach Notification

ITRC Breach Report: Lack of Transparency, Details Worsen

Anna Delaney • January 31, 2023

The Identity Theft Resource Center's 2022 Annual Data Breach Report reveals a near-record number of compromises - the second-highest number in 17 years. ITRC COO James Lee worries that a sudden lack of transparency in breach notices is creating more risk for consumers.