The recent WannaCry ransomware campaign has led to more healthcare organizations paying closer attention to cybersecurity and the latest threats, says Lee Kim of the Healthcare Information and Management Systems Society.
Trump Hotels is warning customers that payment card data at 14 of its properties was compromised during a seven-month breach that affected service-provider Sabre. Other affected chains include Hard Rock Hotel & Casino and Loews Hotels.
Although the Office of the National Coordinator for Health IT is phasing out its chief privacy officer position, a focus on data security and privacy will continue to be interwoven into all the work the office does, including electronic health record interoperability efforts, the head of the office pledges.
Russian-born Alexander Tverdokhlebov has been sentenced to serve nine years in U.S. prison after pleading guilty to causing damages of between $9.5 million and $25 million by running botnets, using malware to steal payment card data, selling "dumps" of that data as well as hiring money mules.
Regulators will not penalize healthcare providers that attested to meeting HITECH Act "meaningful use" incentive payment requirements using electronic health records from eClinicalWorks, a vendor that recently settled a false claims case with federal prosecutors.
Avanti Markets is warning 1.6 million users of its self-service kiosk vending machines that malware-wielding hackers infected about 1,900 of its machines and stole names and payment card data, but not biometric information. Point-of-sale malware called Poseidon appears to be involved.
President Donald Trump backtracked on a pledge that the United States and Russia would work together to improve global cybersecurity by forming a joint working group after his proposal was criticized by both Republican and Democratic lawmakers.
Although it's important to work with law enforcement after a data breach, organizations need to be careful about what information they share, says attorney Ruth Promislow, partner at Bennett Jones LLP.
As healthcare organizations build patient portals, they must address user authentication and a variety of other security issues, much like those involved in online banking, says Erik Devine, chief security officer at Riverside Healthcare in Illinois.
Analytics can play a critical role in cracking down on identity fraud, says Shaked Vax, Trusteer products strategist at IBM Security, who explains how to use the latest tools to identify network intruders.
Good news for some ransomware victims: The master key used to encrypt the original versions of Petya ransomware has been released. But the key cannot be used to decrypt the "NotPetya" malware that recently began crypto-locking PCs.
Recent ransomware attacks against a healthcare provider in Texas and police and fire departments in Tennessee spotlight the importance of keeping an eye out for multiple attacks happening simultaneously and having disaster recovery plans in place - especially for emergency services.
Healthcare organizations that rely too heavily on HIPAA compliance are coming up short when it comes to security, says Jennings Aske, an attorney who's CISO at New York-Presbyterian. A far better approach, he says, is to rely on the NIST cybersecurity framework or other comprehensive frameworks.