Two recently reported health data breaches illustrate persistent security challenges - defending against ransomware attacks as well as unauthorized access to email - that sometimes can expose years' worth of data.
A software error that briefly allowed individuals to access other patients' telehealth appointment recordings serves as a reminder of the potential security and privacy risks involving telemedicine applications, especially as the use of the technology soars during the COVID-19 pandemic.
The latest edition of the ISMG Security Report analyzes why cyberattacks against banks have surged in recent weeks. Plus: The increasingly ruthless tactics of ransomware gangs; cybersecurity strategies for small businesses.
Small and midsize companies don't need to spend money on expensive security products, says cybersecurity consultant Nic Miller, but they must consider several critical factors as they devise their strategies.
Last week, security researcher Bill Demirkapi said that Trend Micro used a trick to get one of its drivers to pass Microsoft's approval process. Trend Micro has withdrawn the driver and says it's working with Microsoft on incompatibility issues that are unrelated to the researcher's findings.
A federal watchdog agency has established key goals and objectives - including protecting the security of IT infrastructure as well as combating fraud - that drive its oversight of the Department of Health and Human Services' COVID-19 response and recovery activities.
"Risk acceptance" was the operative term as organizations quickly deployed remote workforces in response to the global crisis. But now, as this deployment becomes a long-term option, enterprises need to take a future-focused view toward identity, cloud, and the attack surface. Forcepoint's Homayun Yaqub offers tips.
Three recent incidents involving inappropriate use of patient information by insiders illustrate how difficult it is for healthcare organizations to deal with the insider threat. Security experts offer risk mitigation advice.
U.S. facilities that produce, use or store hazardous chemicals are vulnerable to cyberattacks, in part because cybersecurity guidelines from the Department of Homeland Security are outdated, according to a recent GAO audit.
The increasing use of internet-connected devices in manufacturing facilities is opening up new ways for hackers to target so-called "smart" factories with unconventional attack methods, according to an analysis by security firm Trend Micro and the Polytechnic University of Milan.
To keep up with security issues raised by the transition to a much larger remote workforce and expanded telehealth services during the COVID-19 crisis, healthcare entities should "streamline" their approach to risk management, says Dustin Hutchison of the security consultancy Pondurance.
In honor of World Password Day, here's a task for every organization that uses remote desktop protocol: Ensure that all of your organization's internet-facing RDP ports have a password - and that it's complex and unique.
Forget "whitelists" and "blacklists" in cybersecurity. So recommends Britain's National Cyber Security Center, in a bid to move beyond the racial connotations inherent to the terminology. Henceforth, NCSC - part of intelligence agency GCHQ - will use the terms "allow list" and "deny list." Will others follow?
The Department of Health and Human Services has yet to implement dozens of "high priority" recommendations, including several related to enhancing its cybersecurity and reducing the risk of fraud, according to a new report from the GAO, which made the recommendations.
Because the COVID-19 pandemic had led to more employees working from home, cloud services have become indispensable, but the pressure is on organizations to ensure security, says Jim Reavis, CEO of the Cloud Security Alliance.