Cybercriminals are "upping their game" by stealing and then auctioning off on the dark web administrative access credentials to healthcare organizations' clinician and patient portals, says Etay Maor of IntSights.
Insider threats are difficult to counter. What happens when an employee goes rogue, and how do you catch them? Charles Carmakal of Mandiant, who says his firm is dealing with more insider threat investigations, shares tips for better defenses.
Some healthcare IT industry groups and large provider organizations are pushing the Senate to follow the House's lead and approve a measure to lift the 20-year ban on federal funding of the development or adoption of a unique national patient identifier. Why is this still such a hot privacy issue?
Two years after WannaCry wreaked havoc via flaws in SMB_v1 and three years after Mirai infected internet of things devices en masse via default credentials, attackers are increasingly targeting the same flaws, security experts warn.
Israel-based cyber-intelligence firm NSO Group, which has been accused of selling technology that enables governments to spy on citizens, is pledging to adopt human rights guidelines developed by the United Nations. But critics of the firm question whether its moves are meaningful.
The ransomware blitz against the healthcare sector continues: A Utah clinic has reported an attack that potentially affected 320,000 patients, making it one of the largest breaches of its kind so far this year.
As part of its September Patch Tuesday security update, Microsoft issued software fixes for two vulnerabilities in several versions of Windows that it says are being exploited by attackers in the wild. Security experts are urging IT teams to quickly patch these flaws.
The Pentagon and the Department of Energy are pitching new or revised cybersecurity capability maturity models to help their sectors prioritize cybersecurity investments and refine processes and controls. But should they defer to the NIST Cybersecurity Framework instead?
Earlier this year, intruders probed weaknesses in the network firewalls of a U.S. power utility to attempt a distributed denial-of-service attack, but there was no disruption in electricity service, according a recently released report. The incident illustrates potential weaknesses in the power grid.
A mishap involving the mailing of breach notification letters has led a Tennessee hospice to issue a "corrective" privacy breach notification. The incident is yet another example of why healthcare organizations need to carefully scrutinize their breach response and notification processes.
Email server alert: Linux and Unix administrators should immediately patch a remotely exploitable flaw in Exim, one of the world's most-used message transfer agents, security experts warn. Attackers could abuse the flaw to deliver ransomware, spy on or spoof emails and possibly also take down cloud services.
HHS has slapped a Florida healthcare provider with an $85,000 settlement for failing to provide a mother with timely access to fetal monitoring records. The settlement with Bayfront Health St. Petersburg is the agency's first enforcement action in its "HIPAA right of access initiative."
Every week seems to bring a fresh installment of "patch or perish." But security experts warn that patch management, or the larger question of vulnerability management, must be part of a much bigger-picture approach to managing risk. And the challenge continues to get more complex.
A new weaponized proof-of-concept exploit for the BlueKeep vulnerability in Windows has been released by researchers at Rapid7 and Metasploit in an effort to help create a sense of urgency to patch the flaw.
Federal regulators have recently issued three advisories on cybersecurity vulnerabilities identified in medical devices. Some experts say the spotlighted flaws are issues commonly found in legacy medical devices as well as other IT products.