President Joe Biden's nominees for White House cyber director and CISA director faced questions from senators during their confirmation hearing Thursday, including how the federal government should respond to a recent spate of ransomware attacks and other cyberthreats.
Is it any wonder that criminals keep flocking to ransomware when their individual haul from a well-executed digital heist can be worth $11 million? That's the amount paid to the REvil ransomware gang by meatpacker JBS USA, after its systems were crypto-locked on May 30.
The Biden administration has rescinded a number of Trump-era executive orders that banned social media apps such as TikTok and WeChat from the U.S. over national security concerns. Instead, the Commerce Department will conduct a security review of all Chinese-made apps and the data they collect.
There are fundamental challenges in how enterprises secure SOC data, and they start with: How do you grant access to the right people and deny it to the wrong people? Carolyn Duby of Cloudera opens up on how to address data governance, privacy and security concerns.
President Biden's recent executive order for bolstering cybersecurity of the federal government contains provisions for enhancing supply chain security that are similar to proposals by the Food and Drug Administration to improve medical device security. But how are the FDA's healthcare-related provisions doing?
CISA is preparing to expand its vulnerability research and disclosure program, which is now mandatory for nearly all executive branch agencies, by creating a vulnerability disclosure platform service. As part of this effort, the cybersecurity agency is partnering with Bugcrowd and EnDyna.
Thousands of suspected criminals have been relying on the "Anom" encrypted communications platform to coordinate their efforts. But the FBI and Australian police developed Anom as a honeypot for monitoring criminals, producing intelligence that globally led to 800 arrests and massive drug seizures.
The recent decision by a Massachusetts-based hospital to pay a ransom in exchange for promises by the attackers to destroy stolen data spotlights the difficult choices many healthcare entities face in the wake of cyberattacks.
In its 19th enforcement action involving a HIPAA "patient right of access" dispute, the Department of Health and Human Services has smacked a small medical practice with a financial fine and a supervised corrective action plan.
The White House has written to business leaders, urging them to prioritize having robust ransomware defenses in place. The move comes as the Biden administration pursues multiple strategies to combat ransomware and digital extortion, including ordering a new task force to coordinate all federal investigations.
In a decision that will have major implications for the cybersecurity industry, the U.S. Supreme Court ruled Thursday to limit the scope of the Computer Fraud and Abuse Act. Security researchers and civil liberty groups argued that the 1986 law was too broadly written and outdated for today.
Organizations are connecting to industrial control networks at an increasing pace. The need to connect to the IT environment, cloud applications and remote workers has created a definitive gap by eroding the demilitarized zone. Because of this, organizations must deploy new ways to secure operational technology...
Former customers of the now-defunct encrypted communications service EncroChat, which was infiltrated by police last year, continue to get busted, including members of a crime syndicate that operated "an industrial-scale cocaine laboratory" in the Netherlands, Europol says.
The Department of Homeland Security has issued a cybersecurity directive that requires the operators of oil and gas pipelines to report ransomware attacks and other security incidents to the government and take other security steps.
A federal $25,000 HIPAA settlement with a clinical laboratory is significant because it calls for a wide-ranging corrective action plan. And the enforcement action is unusual because it's the result of a compliance review of a covered entity not directly tied to the data breach that triggered the investigation.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing healthcareinfosecurity.com, you agree to our use of cookies.