ISMG's global editorial team reflects on the top cybersecurity news and analysis from 2021 and looks ahead to the trends already shaping 2022. From ransomware to Log4j, here is a compilation of major news events, impacts and discussions with leading cybersecurity experts on what to expect in the new year.
Health technology providers - including makers of mobile health apps, personal health records, fitness devices and other related products - must keep a watchful eye on critical evolving privacy and regulatory issues in the months ahead, says attorney Brad Rostolsky of the law firm Reed Smith.
In the U.S., three states now have disparate data privacy laws - and more are coming. Meanwhile, China has enacted a new law that has global enterprises scrambling. How will these and other actions shape privacy discussions in 2022? Noted attorney Lisa Sotto shares insights.
Two years into the pandemic, pharmaceutical firms remain a top target for cybercriminals, and that trend will undoubtedly persist in 2022, says Paul Prudhomme, a former Department of Defense threat analyst who is now a researcher with cybersecurity threat intelligence firm IntSights.
Preventing rogue device attacks is a critical component of Baptist Health's zero trust strategy, says Michael Erickson, CISO of the healthcare delivery system, which operates nine hospitals and other care facilities in Kentucky and Indiana.
The Cloud Security Alliance's new medical device incident response playbook aims to help healthcare entities plan for security incidents involving different types of devices, taking into consideration varying patient safety issues, say co-authors Christopher Frenz of Mount Sinai South Nassau and Brian Russell of...
Lisa Sotto, partner and chair of the global privacy and cybersecurity practice at Hunton Andrews Kurth LLP, joins three ISMG editors to discuss important cybersecurity and privacy issues, including how U.S. enterprises are harmonizing three disparate privacy laws, and ransomware preparedness.
Two healthcare sector entities are in the process of notifying a total of nearly 750,000 individuals of recent hacks compromising patients' protected health information. Separately, regulators have issued HIPAA guidance pertaining to PHI disclosures involving "extreme risk" and firearms.
Michael Lines is working with Information Security Media Group to promote awareness of the need for cyber risk management, and as a part of that initiative, the CyberEdBoard will post draft chapters from his upcoming book, "Heuristic Risk Management: Be Aware, Get Prepared, Defend Yourself." This post's chapter is...
The spyware of sanctioned Israeli firm NSO Group was reportedly detected on the smartphones of high-profile Polish figures associated with the nation's opposition party. And the spyware has also reportedly been tied to the phone of Hanan Elatr, wife of the late journalist Jamal Khashoggi.
CyberGRX senior director and CyberEdBoard executive member Peter Gregory discusses a piece of data everyone has that is both an asset and a liability - your contact list - and how to decrease your chances of it turning toxic.
The findings from a penetration test can help you identify risks and gaps in your security controls. Charles Gillman offers tips to maximize the value of your next pen test and, in the process, deliver better results.
The Biden administration has announced that the U.S. and several allies have aligned to create the Export Controls and Human Rights Initiative, which puts stricter criteria around the export of certain offensive cyber tools, particularly those that end up in the hands of authoritarian regimes.
Federal regulators are warning healthcare sector entities worldwide that an authentication vulnerability in a variety of Hillrom Welch Allyn cardio products, if exploited, could allow attackers access to privileged accounts. Why is the flaw so worrisome for some healthcare IT environments?
As the final weeks of 2021 wrap up, the federal health data breach tally continues to show hacking incidents by far dominating as the top category of breaches being reported. That includes the addition of several major ransomware incidents reported by healthcare entities and vendors in recent weeks.