In an usual move, federal regulators have made arrangements to have a cyber insurer cover a $2.3 million HIPAA penalty on behalf of a bankrupt cancer care clinic chain, 21st Century Oncology, which also signed false claims settlements totaling $26 million.
Legislation pending in Congress that would offer protections for companies and individuals who seek to "hack back" in retaliation against cybercriminals who have attacked them is a bad idea, contends Alan Brill of Kroll.
With just a few months left until the EU's General Data Protection Regulation will be enforced, too many so-called "experts" are spreading fear and falsehoods about the regulation, says Brian Honan, a Dublin-based cybersecurity consultant, who clarifies misperceptions in an in-depth interview.
The latest ISMG Security Report leads with a report on a malware attack on an industrial safety system that experts contend could threaten public safety. Also, legislation giving DHS's cybersecurity unit a meaningful name progresses through Congress.
What does the title National Protection and Programs Directorate mean to you? It's not so clear, unless you are familiar with the Department of Homeland Security's organizational chart. To clarify its mission, the House has voted to rename - and revamp - the DHS agency.
Most of the criminal activity targeting today's enterprises originates at the endpoint, and the majority of modern breaches use known threats or vulnerabilities for which a patch already exists. For this reason, endpoint visibility must be complete and continuous.
Cybercriminals continue to rely on individuals who undertake the risky operation of moving illicit proceeds from one location to another. But these "money mules" face a multitude of risks, including imprisonment, police warn.
The latest ISMG Security Report features a special report on securing medical devices. Healthcare security leaders from the FDA, an academic medical center and a medical device manufacturer share their insights on the challenges involved.
Ethiopian dissidents living overseas had their devices infected with spyware made by an Israeli defense company, Canadian researchers allege. Their findings have revived longstanding concerns over some governments' potential abuse of powerful surveillance tools.
The hacker to whom Uber paid $100,000 to destroy data and keep quiet about its big, bad breach is a 20-year-old man living in Florida, Reuters reports. But numerous questions remain about the 2016 breach, including whether the payment was a bug bounty, extortion payoff or hush money.
The cloud gives organizations great new opportunities to deploy new systems and applications. It also creates a whole new level of cybersecurity exposure, says Gavin Millard of Tenable, offering tips to bridge that gap.
In an era where users are working simultaneously across mobile, social and cloud applications and platforms, organizations need to deploy identity and access management solutions that can scale and adapt quickly. IBM's Sean Brown describes the rise of Identity as a Service.
The alleged theft of mental health information on more than 28,000 patients in Texas, which went undetected for well over a year, is yet another reminder of the substantial risks that terminated employees can pose as well as the need to take extra steps to protect the most sensitive patient information.
Denial of Service, web application layer attacks, credential abuse and IoT - these are the attack trends and vectors that will make headlines in 2018. Ryan Barnett of Akamai offers insight into how to prepare your defenses.