Twitter confirms that a zero-day vulnerability allowed threat actors to gain access to the personal information of 5.4 million user account profiles. The company was notified about this specific vulnerability in Twitter's systems through its bug bounty program in January.
The government of India withdrew a long-anticipated personal data protection bill from Parliament. The government of Prime Minister Narendra Modi vowed to instead introduce a comprehensive framework of global standard laws including digital privacy laws
This edition of the ISMG Security Report analyzes the latest ransomware trends from the European Union Agency for Cybersecurity, findings from the first-ever Cyber Safety Review Board on the Log4j incident, and how security and privacy leaders are harmonizing new U.S. privacy laws.
In his role as CISO of intelliflo, veteran leader John Rouffas manages cybersecurity, risk and privacy - all in one role. And in doing so, he says, "I like to fly by the seat of my pants a bit." He explains his unique approach to leadership and mentoring.
As CISO of Edward-Elmhurst Health, Shefali Mookencherry consistently works at the intersection of cybersecurity and privacy. "Privacy tells us why," she says, "and security tells us how." She discusses her role and the inherent challenges it poses to her.
Lisa Sotto of Hunton Andrews Kurth LLP joins three ISMG editors to discuss important cybersecurity and privacy issues, including data breach preparedness, the evolution of LockBit 3.0 and the potential impact of the Cyber Incident Reporting for Critical Infrastructure Act of 2022.
Another proposed federal class action lawsuit alleges Facebook uses its Pixel tracking tool to collect millions of individuals' sensitive health data from healthcare provider websites without patients' knowledge or consent. HIPAA prohibits the use of PHI for marketing purposes without consent.
The ISMG Security Report analyzes a settlement with the U.S. Justice Department, in which Uber accepts responsibility for a data breach cover-up to avoid criminal charges. It also discusses why early-stage startups are conserving cash and recent initiatives from the U.S. Federal Trade Commission.
Big, bad bugs - including the likes of Heartbleed, BlueKeep and Drupalgeddon - never seem to burn out. Instead, they just slowly fade away, despite the risk that attackers will successfully exploit them to steal data, seize control of systems or deploy ransomware.
Thales plans to enter the customer identity and access management market through its purchase of an emerging European CIAM player. The French firm plans to capitalize on OneWelcome's strong product by extending its footprint beyond Europe and into North America and Asia-Pacific.
A new assessment framework aims to help patients, healthcare providers and others examine the various privacy, security and other risks of digital health technologies, says Tim Andrews of the nonprofit Organization for the Review of Care and Health Applications, which co-developed the framework.
Many healthcare sector entities are undertaking projects involving the collection, analysis and sharing of large volumes of health data. But along with those efforts come critical privacy and security concerns, says attorney Iliana Peters of Polsinelli.
Privitar bought regulatory intelligence provider Kormoon to reduce the cost and risk associated with compliance across multiple jurisdictions via automation. Kormoon's codified repository of data privacy rules across 46 jurisdictions globally will inform and automate policies on Privitar's platform.
Please don't pay ransoms, authorities continue to urge. Britain's lead cyber agency and privacy watchdog are now making that appeal directly to legal advisers, warning them that paying a ransom offers no data protection upsides and won't lessen any fine they might face.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing healthcareinfosecurity.com, you agree to our use of cookies.