Big Data Healthcare Project Raises Privacy Issues

Marianne Kolbasuk McGee • February 26, 2021

Truveta, a new big data collaborative research effort involving 14 U.S. healthcare providers, will share de-identified data on millions of patients in an effort to improve treatments through personalized medicine. But the project raises important privacy issues.

Electronic Healthcare Records

Tips on Building a Robust Data Backup Strategy

PACS Flaws Put Data at Risk for 18 Months

Latest

3rd Party Risk Management

House SolarWinds Hearing Focuses on Updating Cyber Laws

Scott Ferguson • February 26, 2021

A pair of U.S. House committees held their first public hearings into the SolarWinds attack, with lawmakers and witnesses offering support for expanding federal cybersecurity laws to address the security failures. This includes a larger role for CISA to conduct threat hunting.

Fraud Management & Cybercrime

Ransomware: Beware of 13 Tactics, Tools and Procedures

Mathew J. Schwartz • February 26, 2021

Ransomware continues to sting numerous organizations, and the problem only seems to be getting worse. More than ever, the onus is on potential victims to ensure they have essential defenses in place - and if possible, to proactively hunt for attackers who may already be inside their network.

Cyberwarfare / Nation-State Attacks

Microsoft Releases Queries for SolarWinds Attack Detection

Prajeet Nair • February 26, 2021

Microsoft is making available the CodeQL queries it used to detect malicious implants in the massive supply chain attack that affected SolarWinds, tech firms and government agencies.

Fraud Management & Cybercrime

DHS to Provide $25 Million More for Cybersecurity Grants

Doug Olenick • February 26, 2021

The U.S. Department of Homeland Security will provide an additional $25 million in grants to state and local cybersecurity preparedness programs with a particular focus on combatting ransomware, Secretary Alejandro Mayorkas announced Thursday.

Breach Notification

Analysis: Feds Crack Down on Cryptocurrency Scams

Anna Delaney • February 26, 2021

The latest edition of the ISMG Security Report features an analysis of a federal crackdown on ICO cryptocurrency scams. Also featured: An update on the SonicWall hack investigation and the use of digital IDs to verify COVID-19 testing.

Governance & Risk Management

6,000 VMware vCenter Devices Vulnerable to Remote Attacks

Prajeet Nair • February 25, 2021

Security firm Positive Technologies says more than 6,000 VMware vCenter devices worldwide that are accessible via the internet contain a critical remote code execution vulnerability. VMware has issued recommendations for patching the flaw.

3rd Party Risk Management

Executive Order Focuses on Supply Chain Risk Management

Scott Ferguson • February 25, 2021

In light of the global shortage of semiconductors, President Joe Biden signed an executive order Wednesday requiring a federal review of supply chain risks for these chips. Also to be reviewed: supply chain risks for information and communications technology and the pharmaceutical industry.

Cyberwarfare / Nation-State Attacks

Senate SolarWinds Hearing: 4 Key Issues Raised

Scott Ferguson • February 24, 2021

The Senate Intelligence Committee's hearing about the supply chain attack that affected SolarWinds and dozens of other companies and federal agencies answered some questions about what went wrong but also raised four key issues.

Endpoint Security

Cybersecurity Agencies Warn of Accellion Vulnerability Exploits

Doug Olenick • February 24, 2021

The cybersecurity agencies of five countries have issued a joint advisory warning that hackers are exploiting vulnerabilities in the Accellion File Transfer Appliance to steal data and execute ransomware. Australia's Transport for New South Wales and Canada's Bombardier are the latest victims to be revealed.

Artificial Intelligence & Machine Learning

Using ID Screening to Fight COVID-19 Economic Relief Fraud

Nick Holland • February 24, 2021

High-speed identity screening can play a critical role in cracking down on fraud tied to COVID-19 economic relief efforts without impeding legitimate access to funds, says Dr. Gary Shiffman, CEO of Giant Oak, which offers artificial intelligence technology.

3rd Party Risk Management

Senators Grill Cybersecurity Execs on SolarWinds Attack

Doug Olenick • February 23, 2021

The CEOs of SolarWinds, Microsoft, FireEye and CrowdStrike rolled out a series of cybersecurity recommendations to a U.S. Senate panel Tuesday while detailing how foreign actors gained access into their firms' systems as a result of the SolarWinds supply chain attack.

Business Continuity Management / Disaster Recovery

Creating a Digital ID to Verify COVID-19 Testing

Nick Holland • February 22, 2021

The Good Health Pass Collaborative is developing a road map for digital health passes that international travelers could use to prove they have been tested for COVID-19. Dakota Gruener, executive director of ID2020, which launched the project, describes the effort, including privacy-protection measures.