A second cybercriminal gang - RansomHub - is trying to shake down Change Healthcare's parent company, UnitedHealth Group, and have it pay another ransom for data that an affiliate of ransomware-as-a-service group BlackCat claims to have stolen in February. Is this the latest ruse in a messy attack?
Foundations housing seven large open-source projects are banding together ahead of what they say is a nearly impossible 2027 deadline created by Europe's Cyber Resilience Act - the world's first digital supply chain regulation. European Union lawmakers approved the act in March.
Security researchers are warning about a relatively new malware called Latrodectus, believed to be an evolutionary successor to the IcedID loader. It has been detected in malicious email campaigns since November 2023, and recent enhancements make it harder to detect and mitigate.
As recovery from its Feb. 21 cyberattack continues, Change Healthcare and its parent company UnitedHealth Group are facing a growing pile of lawsuits, while health sector entities affected by the IT services disruption are dealing with a mounting stack of bills and other paperwork to catch up on.
In the latest weekly update, ISMG editors discussed key insights on OT security from the Cyber Security for Critical Assets Summit in Houston, the implications of a critical Linux utility found to have a backdoor, and a CISO's perspective on comprehensive cloud security strategy.
As Web 3.0 gains momentum, it poses major risks - economic uncertainties, cyberthreats and communication challenges, said RAID Square CEO Sébastien Martin. "There is a lot of regulation, and if you're not respecting the regulation, there is a lot of risk in terms of reputation," he said.
As organizations embrace digital transformation, software security challenges have become increasingly complex. Adriana Freitas, director of the European Foundation Anti-Phishing Working Group, offers insights on the imperative role of DevSecOps in modern cybersecurity practices.
Besides not doing cyberthreat modeling at all, some the biggest mistakes medical device manufacturers can make are starting the modeling process too late in the development phase or using it simply as a "paper weight exercise," said threat modeling expert Adam Shostack of Shostack & Associates.
The European Data Protection Board guides the harmonization of regulations across 27 EU member states. EDPB Chair Anu Talus sheds light on the board's mission and the transformative impact of the General Data Protection Regulation since its inception in 2018.
The Energy Department is hoping to catalyze next-generation solutions to cybersecurity vulnerabilities in the energy sector by funding the creation of university-based cyber energy centers nationwide that will bring together private sector partners and the future of U.S. cyber talent.
What do a California cancer research center; an Indiana ear, nose and throat practice; an Oklahoma ambulance company; and a New York billing firm all have in common? They're among the latest firms to report data exfiltration breaches, which have affected millions of U.S. patients so far this year.
IT and OT security experts say threats to shipping underscore the need for more stringent regulations for passenger, cargo and high-speed vessels by the International Association of Classification Societies. The new IACS cybersecurity and resilience requirements will go into effect July 1.
Remote Desktop Protocol (RDP) is commonly abused by ransomware groups. Here are methods on how we can provide context and advice for administrators and responders looking to deal with RDP.
Federal regulators are continuing their crusade for healthcare firms to provide patients and their representatives with timely access to medical records when requested. HHS OCR recently hit two nursing home operators with fines in separate incidents involving HIPAA "right of access" disputes.
The differences between working in cybersecurity in the U.K. and U.S. are not just a matter of accent or office culture; they are a study in how national security priorities, regulatory environments and cultural attitudes toward privacy and surveillance affect cyber workers' professional lives.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing healthcareinfosecurity.com, you agree to our use of cookies.