With apologies to Jay-Z, getting hit with ransomware might make victims feel like they have 99 problems, even if a decryptor ain't one. That's because ransomware-wielding gangs continue to find innovative new ways to extort cryptocurrency from crypto-locking malware victims.
In the three years since Equifax suffered a massive data breach, the consumer credit reporting firm says it has worked tirelessly to overhaul the security shortcomings that allowed the breach to happen. Equifax CISO Jamil Farshchi and other security experts weigh in on important lessons learned.
The eHealth Initiative and the Center for Democracy and Technology are seeking feedback on their draft privacy framework that addresses gaps in legal protections for consumer health data falling outside of HIPAA's regulatory umbrella, says eHI CEO Jennifer Covich Bordenick.
The U.S. Cybersecurity and Infrastructure Security Agency is ordering most executive branch agencies and departments to create vulnerability disclosure programs by March 2021. Some agencies, such as the Pentagon, already have robust programs in place.
The number of cybersecurity incidents reported to the U.K.'s data privacy watchdog has continued to decline, recently plummeting by nearly 40%. But is the quantity of data breaches going down, or might organizations be failing to spot them or potentially even covering them up?
Federal regulators are reminding healthcare organizations about the importance of accurate IT asset inventory management to help reduce breach risk. Regulators have also beefed up a HIPAA guidance portal for mobile app developers.
Contact-tracing apps are continuing to take shape around the world as the COVID-19 pandemic continues. Using privacy-by-design principles is critical to building trust in these apps, says privacy expert Ann Cavoukian.
Blackbaud is one of a growing number of organizations that say they paid ransomware attackers primarily for their promise to delete exfiltrated data. A class action lawsuit filed against the software vendor in the wake of its breach notification questions whether attackers' promises have any merit.
The Department of Health and Human Services' Office for Civil Rights plans to issue a notice of proposed rulemaking to modify the HIPAA rules before the end of the year, says Timothy Noonan, the agency's deputy director for health information privacy.
He'd worked at NASA, Visa and Time Warner and stepped in at Home Depot after it was hacked in 2014. But nothing quite prepared Jamil Farshchi for the spotlight he'd face when he took over as CISO at Equifax after its massive 2017 data breach. He discusses how the Equifax security organization has rebounded.
Patient identifiers embedded in medical images used for online presentations are at risk of inadvertent discovery by advanced web-crawling technologies in search engines, three radiology associations warn.
Several health IT industry groups are urging the FTC to update its health data breach notification rule, designed to cover health data not protected under HIPAA, to better address technological developments and regulatory gaps that have evolved since the rule was implemented a decade ago.
Increasingly, cyber attacks are taking advantage of privileged accounts, and traditional PAM controls are not enough to defend against them. Tim Keeler of Remediant discusses the role of Zero Standing Privilege and just-in-time privileged account defense.
An advertising software development kit called Mintegral that's embedded in 1,200 iOS apps misattributes ad clicks and logs potentially sensitive app data, security firm Snyk alleges. But Apple says there's no evidence the SDK is harming users.