Privacy Analysis: Google Accesses Patient Data on Millions

Marianne Kolbasuk McGee • November 13, 2019

A newly disclosed collaboration between Google and the massive Ascension healthcare system that the partners say is designed to improve patient care is raising serious privacy concerns. That's because the project involves Ascension sharing with Google data on millions of its patients - without their permission.

Governance

OCR Issues Two HIPAA Enforcement Actions, Plus Adjusts Future Fines

Latest

Cybercrime

The Dark Web's Automobile Hacking Forums

Jeremy Kirk • November 14, 2019

There are robust and detailed discussions in cybercriminal forums on how to attack modern vehicles, seeking clandestine methods to steal cars, says Etan Maor of IntSights. Luckily, hackers aren't aiming to remotely trigger an accident, but there are broader concerns as vehicles become increasingly computerized.

Cybercrime

Russian National Charged in Payment Card Scheme

Scott Ferguson • November 13, 2019

The U.S. Justice Department Tuesday unsealed an indictment charging Russian national Aleksey Burkov with running an underground site called "Cardplanet" that acted as a clearinghouse for stolen payment card data. Burkov arrived in the U.S. Tuesday after being extradited by Israel.

Governance

Researchers Describe Significant Flaw in Intel's PMx Driver

Jeffrey Burt • November 13, 2019

Researchers at Eclypsium have revealed new details concerning a significant flaw in Intel's PMx driver, which they say could give attackers "near-omnipotent" control over devices. Intel has released an updated version of the driver, a key step in mitigating risks.

Fraud Management & Cybercrime

Multilayered Security Gets Personal

Tom Field • November 13, 2019

When large-scale data breaches started to proliferate more than a decade ago, security leaders called for end-to-end data encryption. But that approach no longer suffices, says First Data's Tim Horton, who calls for a new multilayered defense.

Governance

'Devaluing' Data to Protect It

Scott Ferguson • November 13, 2019

In today's digital environment, protecting sensitive information and sales transaction data is of critical importance. Tim Horton of First Data explains the concept of "devaluing" data so it's worthless in the event of a breach.

Fraud Management & Cybercrime

EMV 3D Secure: Upcoming Milestones

Tom Field • November 13, 2019

The EMV 3D Secure specification faces some milestone dates in Europe and the U.S. What are these milestones, and how does the standard fit into fundamental fraud defenses? Jackie Hersch of Fiserv shares insight.

Governance

Microsoft Will Apply California's Privacy Law Nationwide

Jeremy Kirk • November 12, 2019

Microsoft will apply the core rights of the California Consumer Privacy Act across all its customers in the U.S., which could nudge other technology companies in the same direction as online privacy becomes an increasing concern. The move is significant in that the technology industry has lobbied against parts of the...

Cybercrime as-a-service

New Ransomware-as-a-Service Offered at Deep Discount: Report

Akshaya Asokan • November 12, 2019

A new ransomware-as-a-service model dubbed "Buran" that targets vulnerabilities in certain devices running Windows is offered at a deep discount to help the malware spread faster, according to McAfee researchers.

Governance

CCPA Compliance: Identity Verification Challenges

Suparna Goswami • November 12, 2019

One key step for preparing to comply with the California Consumer Privacy Act, which goes into effect in January, is determining how best to verify the identity of users, say two leaders of the Sovrin Foundation, who discuss the key issues.

Breach Notification

Election Interference Notification Protocols Unveiled

Scott Ferguson • November 11, 2019

The White House has developed protocols for notifying the public of nation-state hacking or other interference during the 2020 presidential election cycle. But the full framework has not yet been released.

Governance

Microsoft Warns Users: Beware of Damaging BlueKeep Attacks

Akshaya Asokan • November 11, 2019

Now that security researchers have located the first exploits that take advantage of the BlueKeep vulnerability in Windows, Microsoft is warning users to apply patches the company issued for this flaw before more dangerous exploits merge.

Governance

Democrats Pose Phone Data Privacy Questions to FCC

Apurva Venkat • November 11, 2019

Democratic members of the House Energy and Commerce Committee have sent a letter to the Federal Communications Commission demanding that it do more to enforce the Communications Act following a report about wireless carriers giving phone data to third parties.