The SolarWinds supply chain attack that led to follow-on attacks on nine government agencies and 100 companies points to the need for a federal law requiring prompt breach notification, several senators said at a Wednesday hearing.
A recent cyberattack on a Washington-based health plan, which the company believes was carried out by a foreign cybercrime group, is the latest in a series of hacking incidents targeting health insurers.
Criminals love to amass and sell vast quantities of user data, but not all data leaks necessarily pose a risk to users. Even so, the ease with which would-be attackers can amass user data is a reminder to organizations to lock down inappropriate access as much as possible.
Facebook has been attempting to dismiss the appearance of a massive trove of user data by claiming it wasn't hacked, but scraped. No matter how the theft is characterized, 533 million users have just learned that their nonpublic profile details were stolen and sold to fraudsters.
How much does it cost to recover from a ransomware attack? For the Scottish Environment Protection Agency, which was hit by the Conti ransomware-wielding gang on Christmas Eve, reported cleanup costs have reached $1.1 million. SEPA is still restoring systems and has refused to pay any ransom.
Months after the December cyberattack on Accellion's File Transfer Appliance, the identities of more healthcare sector entities that were affected continue to come to light. The latest victims to be revealed include four health plans.
Capital One is warning additional customers that their Social Security numbers may have been exposed in a massive 2019 breach. Meanwhile, a suspect in the breach is slated to go to trial in October.
As healthcare sector organizations continue to fall victim to phishing incidents, the number of individuals affected by health data breaches involving compromised email accounts continues to rise.
When a breached organization such as Ubiquiti says it is "not currently aware of evidence" that attackers stole customer data, it too often means: "We don't know, because we failed to have in place the robust logging and monitoring capabilities that might have provided us all with real answers."
A security researcher found more than 500 million Facebook records being offered for free on the darknet, exposing basic user information, including any phone numbers associated with the accounts. Facebook says this is “old data” previously reported as exposed.
CISA and the FBI warn in a new alert that unidentified nation-state actors are scanning for three vulnerabilities in Fortinet's operating system, FortiOS, to potentially target government agencies and companies for cyberespionage.
Several healthcare entities are reporting health data breaches in the wake of an incident involving a vendor's employee who uploaded files containing patient data to the public-facing, open-source software development hosting website GitHub. How can entities avoid such mishaps?
IoT device manufacturer Ubiquiti revealed in a security notice that an attacker had attempted to extort money from the company following a December 2020 cyber incident - a fact not mentioned in the company's earlier notice about the attack.
The latest edition of the ISMG Security Report features an analysis of retailer Fat Face’s awkward "strictly private and confidential" data breach notification. Also featured: Discussions on the ethics of buying leaked data and the rise of central bank digital currencies.
Months after an apparent ransomware attack against cloud hosting and managed service provider Netgain Technology, the list of healthcare sector entities reporting major health data breaches linked to the incident is growing.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing healthcareinfosecurity.com, you agree to our use of cookies.