Patch or perish to protect against Meltdown and Spectre attacks, and prepare to keep patching as Intel, AMD and ARM, as well as makers of devices running Apple, Google and Windows operating systems, including Apple iOS and Android smartphones and tablets, continue to refine their fixes.
U.S. healthcare entities need to keep security top of mind if they use offshore services to handle protected health information, security experts say, pointing to specific steps to take.
From GDPR to the NIST Cybersecurity Framework, vendor risk management is a key component of every new piece of cybersecurity guidance. Yet, security leaders still struggle to inventory and assess their strategic partners. Sam Kassoumeh of SecurityScorecard explores the challenges.
Every new cybersecurity regulation includes at least some emphasis on improving vendor risk management. But what happens when vendors balk at the extra degree of scrutiny required? Moffitt Cancer Center's Dave Summitt describes his risk-based approach to business associates.
The healthcare sector should consider adopting cybersecurity best practices implemented in the financial sector, especially those related to supply chain security and information sharing on cyberattacks, says security expert Greg Garcia.
The upcoming enforcement of GDPR puts the spotlight on data governance, but what about the potential impact on vendor risk management? Jacob Olcott of BitSight discusses how to prepare for this new generation of cybersecurity regulations.
As the GDPR enforcement date edges closer, organizations remain unprepared to comply, says BitSight's Elizabeth Fischer - especially when it comes to vendor risk management. What - beyond contracts - do organizations need?
Security vendors are known to sprinkle hyperbole among their claims. But the strategy has backfired for DirectDefense, which mistakenly cast endpoint protection vendor Carbon Black as a contributor to the "world's largest pay-for-play data exfiltration botnet."
Nuance has issued an unusual public letter to customers explaining why the medical transcription services vendor has decided not to report the NotPetya malware attack on the company to federal regulators as a HIPAA breach. How did Nuance make its determination?
Security comes to Las Vegas this week in the form of Black Hat USA 2017. Hot sessions range from an analysis of power grid malware and "cyber fear as a service" to details of two major hacker takedowns and how the world's two largest ransomware families cash out their attacks.
Organizations rely on a variety of outside firms to deliver security services. But how can they get the most value? Catherine Buhler, CISO of BlueScope Steel, shares how she challenges managed security services providers.
Worried about the use of encryption by terrorists, Australia plans to lobby its key signal intelligence partners at a meeting in Canada for the creation of new legal powers that would allow access to scrambled communications. But Australia says it doesn't want backdoors. So what does it want?
Two researchers who launched a crowdsourced effort to subscribe to the Shadow Brokers' monthly leak of stolen Equation Group exploits - on behalf of the entire information security community - have dropped their effort, citing legal concerns.
When it comes to breach preparation, it isn't just about protecting IT assets. Increasingly, the conversation is about reputational risk management, says Jacob Olcott of BitSight Technologies.
The figure sounds alarming: 60 percent of small companies went belly up within six months of a breach. And that stat was repeated several times by lawmakers as a House panel debated - and approved - a bill aimed at helping small businesses battle hackers. But is that number true?