In an in-depth interview about a new study that identifies thousands of vulnerabilities in cardiac devices, security researcher Billy Rios calls on manufacturers to more carefully consider the compromises they make in balancing the usability benefits to patient care versus the cybersecurity risks.
A number of media reports have recently suggested there's a "link" between WannaCry and the Lazarus hacking group, implying that North Korea authorized the ransomware campaign. But based on the evidence available so far, it's much too early to attribute the attacks to anyone.
Reports on how the U.S. Congress is taking steps to toughen cybersecurity lead the latest edition of the ISMG Security Report. Also, an analysis of a Government Accountability Office study on the IoT landscape and the security threats facing the internet of things.
Former Bush and Obama cyber adviser Melissa Hathaway says that over the past decade, more than 100 recommendations on improving government cybersecurity have been made but mostly ignored. Now the cybersecurity executive order signed by President Donald Trump will add dozens of new reports in 14 areas.
The cybersecurity epitaph of the fired FBI director could read: "He showed courage to take on Apple." Comey publicly battled Apple CEO Tim Cook over unlocking the iPhone of the San Bernardino shooter, becoming the face of the proponents who seek ways to bypass encryption on mobile devices.
Although cyberattacks on medical devices that could potentially harm patients have so far been demonstrated only in lab settings, there have been actual cases involving the hacking of devices to gain access to patient data, says ethical hacker Stephanie Domas.
A class action lawsuit against telehealth software vendor MDLive shines a spotlight on regulatory gaps and other murky privacy and security issues related to the growing use of consumer health applications.
Medical device manufacturers and healthcare entities should take five key cyber-related steps to help ensure patient safety, says Beau Woods of the grassroots cyber-safety advocacy group, I Am the Cavalry.
NIST's proposed update to its cybersecurity framework needs to better address specific concerns of the healthcare sector, say some industry groups commenting on the recently released draft. So, what are they asking NIST to do?
Collaboration between medical device manufacturers and ethical hackers who discover vulnerabilities is getting better, but there's still plenty of room for improvement, says Bill Aerts, the former global privacy and security officer of Medtronic.
Recent settlements between the New York State attorney general's office and three mobile app vendors for misleading privacy and marketing practices could have implications for other developers, especially if other states follow suit with their own enforcement actions, some legal experts say.
Some medical devices, smartphones and internet of things gadgets contain certain types of sensors that are vulnerable to potential hacking using sound waves, says cybersecurity researcher Kevin Fu, who calls on manufacturers to address the risks.
With ransomware attackers having already launched attack code with themes ranging from horror movies and Pokemon to Hitler to cats, it was only a matter of time before they decided to beam Star Trek's Kirk and Spock direct to would-be victims' PCs.