As healthcare sector organizations continue to fall victim to phishing incidents, the number of individuals affected by health data breaches involving compromised email accounts continues to rise.
When a breached organization such as Ubiquiti says it is "not currently aware of evidence" that attackers stole customer data, it too often means: "We don't know, because we failed to have in place the robust logging and monitoring capabilities that might have provided us all with real answers."
CISA and the FBI warn in a new alert that unidentified nation-state actors are scanning for three vulnerabilities in Fortinet's operating system, FortiOS, to potentially target government agencies and companies for cyberespionage.
Several healthcare entities are reporting health data breaches in the wake of an incident involving a vendor's employee who uploaded files containing patient data to the public-facing, open-source software development hosting website GitHub. How can entities avoid such mishaps?
IoT device manufacturer Ubiquiti revealed in a security notice that an attacker had attempted to extort money from the company following a December 2020 cyber incident - a fact not mentioned in the company's earlier notice about the attack.
The latest edition of the ISMG Security Report features an analysis of retailer Fat Face’s awkward "strictly private and confidential" data breach notification. Also featured: Discussions on the ethics of buying leaked data and the rise of central bank digital currencies.
Anyone wanting to invent a system designed to stoke widespread abuse by fraudsters would be hard-pressed to best the non-fungible token. Because they get bought and sold using cryptocurrency, it's only a question of when scammers will turn their attention to defrauding NFT aficionados.
Months after an apparent ransomware attack against cloud hosting and managed service provider Netgain Technology, the list of healthcare sector entities reporting major health data breaches linked to the incident is growing.
Security practitioners often tread a fine and not entirely well-defined legal line in collecting current and meaningful research. This research can also pose ethical questions when commercial sources for stolen data fall into a gray area.
The Government Accountability Office is urging the U.S. government to respond more rapidly to cybersecurity issues, especially in the wake of the SolarWinds supply chain attack that led to the breach of nine federal departments as well as about 100 companies.
The zero-day attacks against Accellion's File Transfer Appliance show that a number of big-name firms continued to use the legacy technology - even though more secure, cloud-based options were available. Evidently, many CISOs didn't see a compelling reason to move on. Of course, now they do.
A home healthcare company says a data breach affecting more than 753,000 patients, employees and former workers stems from a ransomware attack on its private cloud hosted by managed service providers. The company reported a similar incident 15 months ago.
An attacker added a backdoor to the source code for PHP, an open-source, server-side scripting language used by more than 75% of the world's websites. Core PHP project members say the backdoor was quickly removed.
Eleven U.S. senators are raising concerns about the Department of Energy's cybersecurity readiness as the department continues to investigate a breach related to the SolarWinds supply chain attack.
Identity crimes are up, but data breaches are down. What does this mean for risk mitigation strategies? Jim Van Dyke and Al Pascual of Sontiq offer an analysis.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing healthcareinfosecurity.com, you agree to our use of cookies.