Web portals designed to provide convenient service to consumers can pose substantial security risks, as numerous breaches in recent years have clearly illustrated. What steps can be taken to reduce those risks?
In the latest in a series of HIPAA enforcement actions taken by states this year, Massachusetts Attorney General Maura Healey's office has signed a $75,000 consent judgment with McLean Hospital, a psychiatric facility, in connection with a breach that affected 1,500 individuals.
Facebook violated consumer protection law by failing to protect personal data that consumers thought they'd locked down, the District of Columbia alleges in a new lawsuit. Plus, Facebook is disputing a New York Times report that it ignored privacy settings and shared data with large companies without consent.
A large health insurer in Western Australia shared the home addresses of some psychologists to a web-based appointment booking service, according to a news report. The health insurer belated realized after a complaint from one practitioner that some psychologists work from home.
DigiCert just conducted a global study of how organizations across sectors are approaching IoT security. What are some of the best practices of the organizations that emphasize securing connected devices? Mike Nelson of DigiCert shares the findings.
In the aftermath of the Marriott breach, it's fair to characterize Gartner's Avivah Litan as mad as hell and not wanting the U.S. to take it anymore. Going into 2019, Litan has policy and technology recommendations for national cyber defense.
Ireland's privacy watchdog is probing data breaches at Facebook that exposed users' private data. In the latest breach to be disclosed, Facebook has warned that for a 12-day period in September, up to 6.8 million users' private photos may have been revealed to 1,500 apps built by 876 developers.
For the second time this year, health insurer EmblemHealth has been hit with a state financial penalty in connection with a 2016 breach that exposed Social Security numbers on mailings to more than 81,000 plan members.
Super Micro Computer says a third-party audit of its recent and older motherboards has not turned up evidence of a spying chip as alleged in an explosive report two months ago by Bloomberg BusinessWeek. Bloomberg, however, has stood by its story despite no physical example of the malicious chip turning up.
In the wake of the recent Marriott and National Republican Congressional Committee data breaches, now is the time to get your board's attention regarding breach response and public disclosures. Attorney Mark Rasch offers insights for preparing and practicing response plans.
The latest edition of the ISMG Security Report features an analysis of the validity of reports that China is behind the massive Marriott data breach. Also: Fascinating details in a Congressional report on the Equifax breach, and a clear explanation of "self-sovereign identity."
Hackers linked with China are suspected to be behind the four-year breach of Marriott's Starwood guest reservation system, according to several news reports. The suggestion is likely to contribute to increased tension between the U.S. and China.
In its third enforcement action in recent weeks, federal regulators have hit a Colorado medical center with a HIPAA fine in a case involving failure to terminate a former employee's remote access to patient data. Other organizations can use the case as a "teachable moment," one attorney advises.
Breach victims who sign up for free fraud-monitoring services from breached businesses that lost control of their data often sign away their right to join class-action lawsuits or pursue other legal actions, and Marriott proved to be no exception, following its mega-breach. But it now appears to be backing off.