Security ratings are increasingly popular as a means of selecting cybersecurity vendors. But Ryan Davis at CA Veracode also uses BitSight's ratings as a means of benchmarking his own organization for internal and external uses.
Breached businesses in Europe: Brace for more class action lawsuits seeking material and non-material damages filed by victims following mandatory data breach notifications under GDPR, says attorney Jonathan Armstrong. He predicts more breach-related suits will succeed in Europe than in the United States.
Recent additions to the federal health data breach tally shine a light on the mistakes that contribute to breaches - and in some cases, make situations far worse.
In Australia, it can take as few as 15 minutes to steal someone's phone number, a type of attack known as SIM hijacking. Such attacks are rising, but mobile operators have no plans to change the authentication required around number porting, which can be set in motion online with minimal personal information.
A HIPAA-related enforcement case in Massachusetts involving two insider breaches alleges a trail of missteps, including failure to take prompt action after receiving tips about potential misuse of patient information. What can other entities learn from the mistakes?
Twitter has fixed a bug that sometimes sent a user's direct messages not only to the specified recipient, but also to unrelated external developers. The social networking service is notifying more than 3 million affected users and has requested that unintended recipients delete the messages.
Massive, well-resourced companies are still using live customer data - including their plaintext passwords - in testing environments, violating not just good development practices but also privacy laws. That's yet another security failure takeaway from last year's massive Equifax breach.
As CISOs, CIOs and privacy officers look for ways to boost the timely, secure sharing of healthcare information to improve treatment, one obstacle that potentially stands in the way is CFR-42 Part 2, a 1970s-era regulation. Dozens of healthcare organizations are pushing Congress to change that regulation.
One mystery with the recently discovered payment card sniffing attacks against such organizations as British Airways and Newegg has been how attackers might have first gained access to the victims' networks. But a number of cybercrime markets sell such access, in some cases for as little as 50 cents.
Scotland's Arran Brewery fell victim to a Dharma Bip ransomware attack that infected its Windows domain controller and crypto-locked files and local backups, leading to the loss of three months' worth of sales data. The brewery refused to pay the attackers' two bitcoin ransom demand.
DDoS attacks have increased significantly in scale via IoT botnet attacks. Gary Sockrider of Netscout Arbor discusses best practices for dealing with this significant threat.
The latest edition of the ISMG Security Report takes a look at the EU's General Data Protection Regulation, including the outlook for enforcement and common misconceptions about its provisions.
Seeking better operational efficiency and ROI, many enterprises have begun significant software automation and orchestration efforts without accounting for the inherent security risks they may bring, says Jeffery Kok of CyberArk.
HIPAA privacy violations can come in many forms. Case in point: Federal regulators have smacked three Boston hospitals with settlements totaling nearly $1 million for allowing crews for the documentary TV show "Save My Life: Boston Trauma" to film on their premises without obtaining authorization from patients.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing healthcareinfosecurity.com, you agree to our use of cookies.
