In its third enforcement action in recent weeks, federal regulators have hit a Colorado medical center with a HIPAA fine in a case involving failure to terminate a former employee's remote access to patient data. Other organizations can use the case as a "teachable moment," one attorney advises.
The massive data breach suffered by Equifax in 2017 "was entirely preventable," according to a report released by the House Oversight Committee's Republican majority. Some Democratic lawmakers have slammed the report for failing to advance legislative or oversight changes to help prevent breaches.
Hackers have been plugging inexpensive hardware into banks' local area networks to help perpetrate heists that have stolen tens of millions of dollars, warns Kaspersky Lab. It says that since 2017, the "DarkVishnya" attack campaign has hit at least eight Eastern European banks.
The U.K.'s privacy watchdog says that six months after enforcement of the EU's General Data Protection Regulation began, it's seen a dramatic increase in data breach reports - as well as privacy complaints from the public.
Credential abuse attacks and identity theft incidents are rising, with attackers leveraging botnets to launch coordinated campaigns with high success rates, says Aseem Ahmed of Akamai Technologies, who shares best practices for mitigating the threats.
Two health IT professional associations are urging Congress to "modernize" HIPAA to extend patients' rights to securely access, view, download and transmit their health information - including health data not currently covered under HIPAA. Regulatory experts size up whether the proposed changes are feasible.
A batch of documents meant to be kept under court seal lays bare Facebook's strategic brokering of access to user data to reward partners and punish potential rivals. The material also demonstrates Facebook's views at the time on privacy and the risks of leaking data.
Our goal with this report has always been to track the ever-shifting contours of the cyber-threat landscape and communicate what
we're seeing to our readers.
Generally speaking, the TLI is based on the premise that if organizations are seeing more threats more frequently, then things are
getting worse. If the...
The healthcare sector is making progress in moving from a reactive to a proactive approach to cybersecurity as it learns lessons from other sectors, including financial services, says Greg Garcia, executive director for cybersecurity at the Healthcare and Public Health Sector Coordinating Council.
Common data security mistakes made by many organizations including having a static security plan that doesn't evolve, focusing solely on compliance and not testing incident response plans, says Monique Kunkel of NTT Data Services.
Federal regulators have slapped a company that provides contracted physicians to hospitals and nursing homes with a $500,000 HIPAA settlement in a breach case involving the lack of a business associate agreement with an individual providing billing services.
A severe vulnerability in Kubernetes, the popular open-source software for managing Linux applications deployed within containers, could allow an attacker to remotely steal data or crash production applications. Microsoft and Red Hat have issued guidance and patches; they recommend immediate updating.
One of the most significant cybersecurity challenges facing the healthcare sector is coming up with strategies that work for organizations of broadly varying sizes, says Mark Jarrett, M.D., of Northwell Health.
A failure to patch systems and slipups that lead to insider threats are two major causes of breaches in the healthcare sector that need to be urgently addressed, says Anahi Santiago of Christiana Care Health System.