A point-of-sale system vendor that serves U.S. medical and recreational cannabis dispensaries left an unprotected database containing sensitive information about three clients and 30,000 of their customers exposed to the internet, researchers say.
Microsoft accidentally internet-exposed for three weeks 250 million customer support records stored in five misconfigured Elasticsearch databases. While the company rapidly locked them down after being alerted, it's an embarrassing gaff for the technology giant, which has pledged to do better.
Apple previously scuttled plans to add end-to-end encryption to iCloud backups, Reuters reports, noting that such a move would have complicated law enforcement investigations. But the apparent olive branch hasn't caused the U.S. government to stop vilifying strong encryption and the technology giants that provide it.
Alphabet and Google CEO Sundar Pichai is supporting an EU proposal for a temporary ban on the use facial recognition technology in public areas and is calling for government regulation of artificial intelligence.
Are ransomware shakedowns against healthcare entities taking an even uglier turn? In a recent attack against a Florida-based plastic surgery practice, hackers exfiltrated patients' medical records and threatened to leak them unless both the clinic and patients paid ransoms.
The latest edition of the ISMG Security Report discusses why Britain is struggling to determine whether to use China's Huawei technology in developing its 5G networks. Plus: An update on a mobile app exposing infant photos and videos online and an analyst's take on the future of deception technology.
HHS has issued a draft of a five-year strategic health IT plan that is largely focused on providing patients with secure access to their health information as well as supporting secure, interoperable health information exchange among providers.
A federal judge in Atlanta has given final approval to a settlement that resolves a class action lawsuit against credit bureau Equifax, which in 2017 suffered one of the largest data breaches in history. The minimum cost to Equifax will be $1.38 billion.
U.S. Attorney General William Barr is ratcheting up the pressure on Apple to unlock two iPhones belonging to a Saudi national who carried out a deadly shooting in December. The attorney general is labeling the shooting as an act of terrorism and says Apple is hampering a counterterrorism investigation.
After a data breach, if individuals' stolen information is offered for sale on the dark web, that potentially bolsters class action lawsuits filed by plaintiffs against the breached organization, says technology attorney Steven Teppler of the law firm Mandelbaum Salsburg P.C.
Corporate network security breaches, which can prove costly to remediate and expose a company to lawsuits, are frequently the result of vulnerabilities that could have been fixed for a relatively low cost. A a brute force penetration test is a critical first step in finding those vulnerabilities.
In a bizarre "whistleblower" case, federal prosecutors have charged a Georgia man in connection with an alleged "intricate scheme" involving falsely reporting that a Savannah hospital worker committed criminal HIPAA violations.
Six months after Facebook agreed to a landmark privacy settlement with the U.S. Federal Trade Commission that resulted in a $5 billion fine, a federal judge is still considering objections from advocacy groups that claim the deal doesn't go far enough.
Healthcare organizations need to carefully assess whether data they hold falls under the scope of the California Consumer Privacy Act, says attorney Anne Kimbol, assistant general counsel of HITRUST - especially now that the regulation's Jan. 1 compliance deadline has hit.
The FBI has sent a letter to Apple asking for help in accessing encrypted data from two iPhones belonging to a deceased shooter. The bureau's move may be a prelude to another legal fight between the FBI and Apple over strong encryption.