HHS warns that the use of tracking code in many healthcare websites and portals could be violating HIPAA privacy regulations.

HHS: Web Trackers in Patient Portals Violates HIPAA

Marianne Kolbasuk McGee • December 1, 2022

Federal regulators issued a warning to healthcare entities and their tech vendors that the use of tracking code embedded in patient portals that transmits patient information to third-parties could be a violation of HIPAA, and punishable with monetary fines.

►

Cybercrime

Addressing the Shortage of Medical Device Cyber Talent

Latest

Next-Generation Technologies & Secure Development

Elastic Lays Off Nearly 400 Employees as SMB Spend Dwindles

Michael Novinson • December 1, 2022

Security, observability and search vendor Elastic will shrink its workforce by 13% due to small and medium businesses reducing their purchases amid the economic downturn. Elastic will lay off nearly 400 of its 3,056 employees as it adopts an automated, low-touch motion for SMB customers.

Identity & Access Management

LastPass Breach Exposes Customer Data

Prajeet Nair • December 1, 2022

Hackers stole customer information but not passwords when they broke into password manager LastPass' third-party cloud storage service, the company disclosed. An unauthorized party used information stolen during a dayslong incident in August to exfiltrate the data.

Fraud Management & Cybercrime

Why Ransomware Victims Avoid Calling It 'Ransomware'

Anna Delaney • December 1, 2022

The latest edition of the ISMG Security Report discusses why too few organizations admit to being victims of ransomware attacks, how delayed enterprise subscription start dates forced CrowdStrike to cut sales forecasts, and leveraging threat intelligence to protect critical infrastructure.

Governance & Risk Management

A Look Ahead: John Kindervag's Zero Trust Outlook for 2023

Tom Field • November 30, 2022

The foundation of a landmark presidential executive order and now a standard embraced by governments and enterprises globally, zero trust has come far in the past two years. Zero trust creator John Kindervag offers a progress report and insight into the key trends he sees shaping the new year.

Artificial Intelligence & Machine Learning

Open Systems Buys Tiberium to Automate Security on Microsoft

Michael Novinson • November 30, 2022

Open Systems has purchased an early-stage Microsoft-centric MSSP to help automate investigating, triaging and responding to basic security alerts. The Silicon Valley-based MDR provider says its acquisition of U.K.-based Tiberium will free up security analysts to focus on preventative defenses.

Identity & Access Management

Okta Clears Up Customer Identity Confusion as SMB Sales Dip

Michael Novinson • November 30, 2022

Okta has stemmed employee attrition and accelerated customer identity sales by clarifying product function but now has to grapple with longer sales cycles for small to midsized businesses. Okta says efforts to reposition its customer identity offering over the past quarter have borne fruit.

Endpoint Protection Platforms (EPP)

CrowdStrike Sales Growth Slows as SMB Clients Delay Spending

Michael Novinson • November 29, 2022

A longer sales cycle for small businesses and delayed subscription start dates for large enterprises have forced CrowdStrike to lower its sales forecast going forward. The Austin-based endpoint security company says deals with SMB clients took 11% longer to close in the fiscal quarter ended Oct. 31.

Application Security

Veracode CEO Sam King on Joining AppSec, Container Security

Michael Novinson • November 29, 2022

The push to migrate applications to cloud-native architectures has driven increased use of containers and created the need for more security, says Veracode CEO Sam King. Veracode's expertise in application security helps the company identify open-source code and known vulnerabilities in containers.

Governance & Risk Management

RegScale Buys GovReady to Simplify Compliance for the Masses

Michael Novinson • November 29, 2022

RegScale has purchased a startup founded by the FCC's former chief data officer that makes documenting compliance easier for nontechnical personnel by using a questionnaire. The GovReady deal means customers will be able to demonstrate their adherence to standards by answering questions.

Geo Focus: The United Kingdom

UK Online Safety Bill Harms Privacy & Security, Experts Say

Akshaya Asokan • November 28, 2022

The United Kingdom is the newest front in the long-fought conflict over end-to-end encryption, as a slew of civil society groups urge the prime minister not to back legislation empowering regulators to force online intermediaries into providing decrypted messages.

Cybercrime

A Look Ahead: Lisa Sotto's Privacy, Security Outlook in 2023

Michael Novinson • November 28, 2022

A multitude of state privacy laws taking effect in 2023 has forced organizations to revamp their compliance programs to incorporate the disparate requirements, says Lisa Sotto. Companies across every industry face a threat environment that's more active and malicious than ever before.

Business Continuity Management / Disaster Recovery

Cyber Resilience Minimizes Risks for Digital Services

Brian Pereira • November 25, 2022

Cyber resilience extends beyond cyberattacks and encompasses the convergence of security and disaster recovery and takes into account other factors such as supply chain disruption, attacks on critical infrastructure, epidemics, market fluctuations, power outages, and natural disasters.