Ten U.S. senators this week wrote to the secretaries of both the Department of Homeland Security and the Department of Transportation inquiring about specific measures they plan to pursue to prevent and respond to cyberattacks on the nation's critical infrastructure.
New York State Attorney General Leticia James detailed a credential stuffing investigation that showed the compromise of 1.1 million user accounts linked to "well-known" retail operations. The 17 companies involved reportedly agreed to put new measures in place to mitigate cyber risks.
The websites of Expresso and SIC, Portugal's largest news publications, remain offline for a third day. A ransomware attack on the parent company Impresa Group was carried out by the Lapsus$ ransomware group - a relatively new bad actor that has made three high-impact attacks in less than a month.
A Zloader malware campaign has been exploiting Microsoft’s digital signature verification to steal cookies, passwords and sensitive information, according to Check Point Research. The threat actor, likely MalSmoke, used legitimate remote management software to gain initial access.
The U.S. Federal Trade Commission, the nation's top consumer protection agency, issued notice that it "intends to use its full legal authority to pursue companies" failing to mitigate against Apache's Log4j vulnerabilities – or similar vulnerabilities in the future.
A healthcare technology vendor is notifying dozens of its healthcare provider clients of an email security breach affecting their patients' protected health information. Experts say the incident serves as the latest reminder of the risks business associates pose to sensitive healthcare data.
In an update on the Apache Log4j vulnerability, Microsoft says exploitation attempts and testing for vulnerable systems and devices remained "high" through late December. This comes after security leaders have identified sophisticated and even state-backed attacks targeting vulnerable devices.
Remember Y2K? Widespread disruption was feared since systems that rendered dates as two digits needed to be updated to work with four. Well, Microsoft Exchange just issued a workaround to fix a fatal error that disrupted email delivery due to a date check failure with the change of the New Year.
A Florida-based gastroenterology practice is in the process of notifying more than 212,500 individuals of a December 2020 breach involving a business email compromise and fraud. What steps can other entities take to prevent falling victim to similar incidents?
Mobile carrier T-Mobile fell victim to another data breach, this time linked to a SIM swap attack that affected "a very small number" of its 105 million customers. Details remain scarce, but T-Mobile says it has enacted proper incident response protocols to limit the number of people affected.
A Florida public hospital system has kicked off the New Year of breaches by reporting to regulators a hacking incident detected in October that involved data exfiltration affecting the personal information of more than 1.3 million patients and employees.
The U.S. government has taken notable moves to enforce cybersecurity regulation and propose legislation, says Andy Watkin-Child, founding partner of the Augusta Group. To help prepare for these shifts, he advises organizations to improve their "understanding in global regulation in cyber."
Buckle up. The healthcare industry and consumers are heading into the New Year with indications of significant changes to the regulation and enforcement of health information privacy and security by the Department of Health and Human Services. What's in store?
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing healthcareinfosecurity.com, you agree to our use of cookies.