Health Recovery Services and Riverplace Counseling Centers each recently reported health data breaches.

Protecting Substance Addiction Data: The Challenges

Marianne Kolbasuk McGee • April 23, 2019

Two organizations that provide treatment to patients with substance addictions have recently reported breaches of sensitive information. Compliance experts say that many organizations that provide such treatment must comply with HIPAA as well other stricter privacy requirements, which creates challenges.

Governance

Data Breaches in Healthcare Affect More Than Patient Data

Latest

Cybersecurity

'Five Eyes' Intelligence Members to Detail Cyber Threats

Mathew J. Schwartz • April 24, 2019

For the first time, members of the secretive "Five Eyes" intelligence-sharing group will make a joint public appearance to discuss how they collaborate, sharing a stage in Glasgow, Scotland, during the CyberUK conference. The Five Eyes alliance comprises Australia, Canada, New Zealand, the U.K. and U.S.

Application Security

Facebook Marketplace Flaw Revealed Seller's Exact Location

Mathew J. Schwartz • April 23, 2019

Facebook has fixed a security vulnerability in its digital marketplace that could have been abused to identify the precise location of a seller, and by extension, their goods. Police warn that thieves regularly trawl location data to find the owners and locations of high-value items.

Anti-Fraud

The FBI's RAT: Blocking Fraudulent Wire Transfers

Jeremy Kirk • April 23, 2019

Fraud, e-hustles and social engineering attacks continues to proliferate, the FBI's latest report into the state of internet crime confirms. But over the past year, a new FBI tactic for quickly stopping fraudulent wire transfers has notched notable successes.

Data Breach

What Led to a $4.7 Million Breach Lawsuit Settlement?

Scott Ferguson • April 22, 2019

Washington State University has agreed to pay more than $4.7 million to settle a lawsuit stemming from the theft of a portable hard disk drive from a self-storage unit. The drive contained information - much of it unencrypted - on more than 1 million individuals.

Cybercrime as-a-service

WannaCry Stopper Pleads Guilty to Writing Banking Malware

Jeremy Kirk • April 22, 2019

Marcus Hutchins, the British security researcher who helped stop the massive WannaCry ransomware outbreak in mid-2017, has pleaded guilty to developing and distributing "Kronos" banking malware.

Governance

A CISO Lists Top Governance Challenges

Marianne Kolbasuk McGee • April 22, 2019

What are some of the toughest information security governance challenges healthcare organizations face? CISO Afzal Bashir discusses key insights based on his experience.

Breach Response

Facebook Password, Email Contact Mishandling Worsens

Jeremy Kirk • April 19, 2019

Two security issues disclosed by Facebook over the past month are worse than first thought, adding to a harrowing series of data-handling mishaps by the social network. Millions of Instagram users had their plain-text passwords stored, and 1.5 million people had their email contact lists uploaded without consent.

Cybercrime

Leak Exposes OilRig APT Group's Tools

Scott Ferguson • April 19, 2019

A set of malicious tools, along with a list of potential targets and victims, belonging to an APT group dubbed OilRig has leaked online, exposing some of the organization's methods and goals, analysts say.

Cybercrime

Not So 'Smart' - Child Tech Has Hackable Flaws

Mathew J. Schwartz • April 19, 2019

A warning that a smartwatch marketed to parents for tracking and communicating with their children could be coopted by hackers leads the latest edition of the ISMG Security Report. It also reviews how a DNS hijacking campaign is hitting organizations and how "dark patterns" trick users.

Cyberwarfare / Nation-state attacks

'Sea Turtle' DNS Hijacking Group Conducts Espionage: Report

Scott Ferguson • April 17, 2019

A nation-state sponsored espionage campaign dubbed "Sea Turtle" has been manipulating the domain name system to target more than 40 organizations, including intelligence agencies - especially in North Africa and the Middle East, Cisco Talos warns. Experts say defenses against DNS hijacking lag.

Blockchain & Cryptocurrency

10 Highlights: Cryptographers' Panel at RSA Conference 2019

Mathew J. Schwartz • April 17, 2019

From blockchains and surveillance to backdoors and GDPR, a group of leading cryptographers rounded up the top cybersecurity and privacy matters of the day at the cryptographers' panel held at the recent RSA Conference 2019 in San Francisco.

DDoS

Ecuador Hit With 'Cyberattacks' After Assange's Arrest

Scott Ferguson • April 17, 2019

The government of Ecuador has been hit with millions of "cyberattacks" following its withdrawal of asylum protection for WikiLeaks founder Julian Assange and his arrest by British police last week, an Ecuadorian official says.