Federal prosecutors have charged a former Scripps Health employee in connection with an alleged conspiracy involving the theft of patient information that was then used to submit fraudulent unemployment claims under the COVID-19 relief program.
U.S. water treatment facilities are increasingly vulnerable to cyberthreats to their IT networks as well as their OT systems, according to experts who testified at a Senate committee hearing this week.
A patch is forthcoming for a privilege escalation vulnerability in the Windows operating system that can allow hackers to gain a foothold. Meanwhile, Linux OS users also need to adopt system upgrades to fix a flaw, and Oracle and Juniper have announced product patches.
A U.K. citizen was arrested in Spain Wednesday at the request of the U.S. Justice Department for his alleged role in a July 2020 hack of Twitter and additional incidents involving TikTok and Snapchat. This is the third arrest in the Twitter case so far.
What's up with REvil? Questions have been mounting since the notorious ransomware operation went quiet on July 13, not long after unleashing a mega-attack via remote management software vendor Kaseya's software. The Biden administration has welcomed REvil's online shutdown but says it doesn't know the cause.
Automation is essential to ensuring the security and success of any cloud migration, from the most basic to the most complex. This is the case made by Josh Zelonis of Palo Alto Networks and Dr. Anton Chuvakin of Chronicle Security. They discuss the value and benefits in this interview.
A bipartisan group of senators introduced a federal breach notification bill Wednesday that would require federal agencies, federal contractors and organizations that are considered critical to U.S. national security to report security incidents to CISA within 24 hours of discovery.
New guidance from the National Institute of Standards and Technology spells out security measures for "critical software" used by federal agencies and minimum standards for testing its source code. The best practices could be a model for the private sector as well.
Following revelations that commercial spyware vendor NSO Group was able to exploit the latest model of the Apple iPhone to install surveillance software, experts describe how Apple could be doing more to lock down its iOS mobile operating system as well as curtail attacks by making them much costlier to run.
Microsoft has announced the takedown of 17 domains that an unnamed threat group operating out of West Africa used to host fake Microsoft websites when conducting business email compromise attacks.
Marcus Christian, a former executive assistant U.S. attorney, implores businesses to not immediately abandon their incident response plans once it appears a suspected incident is resolved.
Cybereason, Rapid7 and Microsoft announced acquisitions this week designed to boost their security capabilities. Meanwhile, DevOps security firm Sysdig made a move to add infrastructure-as-code security to its portfolio.
Can NSO Group and other commercial spyware vendors survive the latest revelations into how their tools get used? The Israeli firm is again being accused of selling spyware to repressive regimes, facilitating the surveillance of journalists, political opponents, business executives and even world leaders.
A proposed $2.7 million settlement has been reached in a lawsuit filed against the University of Pittsburgh Medical Center in the wake of a 2014 data breach that exposed tens of thousands of employees' personal information and resulted in tax fraud.
Many security experts and analysts are applauding the U.S. for calling out China's cyber behavior, especially after the White House had focused so much attention on Russia's cyber activities. But some are calling for bolder action.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing healthcareinfosecurity.com, you agree to our use of cookies.