More than half of all Android smartphones have a flaw that can be exploited to bypass the devices' full-disk encryption. As a result, law enforcement agencies - or attackers - could access all supposedly encrypted data being stored on vulnerable devices.
Healthcare entities should take several critical steps to minimize the security risks posed by older, legacy medical devices used in their organizations, says medical device cybersecurity expert Kevin Fu.
The FDA is reviewing comments on its proposed cybersecurity guidance for medical devices, including suggestions that it should beef up the guidance with more details. Meanwhile, the agency has issued new proposed guidance clarifying that manufacturers can share device-generated information with patients.
In the latest ISMG Security Report, our editors analyze Symantec's pending purchase of Blue Coat; vulnerabilities in mobile banking apps; retailers' objections to a national data breach notification bill; and the relaunching of the IRS Get Transcript tool after a breach.
A federal watchdog agency will investigate whether government monitoring of medical device security controls is adequate, it announced in an update of its priorities for the rest of this year. In a separate report, it raised serious concerns about the security of the Washington state Obamacare insurance exchange.
The theft of an unencrypted laptop that may have contained information on up to 400,000 inmates who served time in California prisons has been added to the federal tally of health data breaches. Experts say notifying all those potentially affected could prove challenging.
Asking how many different technologies consumers will tolerate when it comes to paying for their goods and services is a bit like asking how many more superheroes moviegoers will countenance in the latest "Avengers" film.
HIPAA has long provided patients with the right to access their own "designated record set" of protected health information. But federal regulators are on a campaign to help patients and healthcare organizations understand records access rights, as well as the related privacy risks.
In the wake of reports that 65 million stolen credentials from micro-blogging platform Tumblr have surfaced online, following 117 million LinkedIn credentials, it's clear that 2016 is fast becoming the year of what one security expert dubs "historical mega breaches."
The manufacturers of wearable health devices should incorporate key privacy and security best practices into the R&D of their products, says privacy advocate Michelle De Mooy of the Center for Democracy & Technology, who describes recommendations in a new study.
In today's rapidly changing cyber threat environment, the federal government needs to take a lead role in making sure mobile device security is adequate, says security researcher Stephen Cobb, who analyzes ongoing investigations by the FTC and FCC in this audio interview.
Ransomware, regulations, botnets, information sharing and policing strategies were just some of the topics that dominated the "International Conference on Big Data in Cyber Security" hosted by Edinburgh Napier University in Scotland.
America's cyber infrastructure is under constant attack, and damage to it could have significant consequences. But the presidential candidates haven't had much to say about the issue. At ISMG's Fraud and Breach Prevention Summit, a panel of experts will address how the next president should tackle cybersecurity.
The FTC and FCC have launched security investigations of mobile device makers and wireless carriers, citing growing concerns over vulnerabilities that threaten "the security and integrity" of these products and services. The regulators are examining how security patches are distributed.