Blunting Yahoo's attempt to blame nation-state attackers for its record-breaking breach, security firm InfoArmor says it's traced the 2014 hack to a cybercrime gang that's quietly resold the stolen data several times over.
A new watchdog agency report says HHS needs to provide much more guidance on how healthcare organizations should implement controls identified by the NIST Cybersecurity Framework. But some security experts are calling for bolder action - an update of the HIPAA Security Rule.
A new cyberattack trend report from Europol notes that while online criminals continue to refine their capabilities, old and unsophisticated attacks too often still succeed, thanks to poor digital hygiene and a lack of security by design and user awareness.
House Homeland Security Committee Chairman Michael McCall calls on Congress to increase spending on quantum computing research to ensure that the United States is the first nation to employ quantum computing as a tool to decrypt data. "We can't lose this one to the Chinese," he says.
The more than 11,000 financial institutions that use the SWIFT interbank messaging network must annually prove they comply with its new cybersecurity standards or face being reported to regulators and business partners.
Federal regulators have entered a $400,000 settlement with an organization that provides centralized corporate support services for a number of New England-area covered entities, citing the lack of an updated business associate agreement. What lessons can be learned from the settlement?
Most enterprises, when addressing mobile security, focus on securing applications, such as the devices' operating systems, or preventing the installation of malware. But NIST cybersecurity experts say organizations should take a much broader approach to ensuring mobile security.
A recent court ruling illustrates yet another way patient privacy can be compromised. A federal bankruptcy court slapped WakeMed Health and Hospitals with financial penalties for exposing patient information in filings it made for cases.
Yahoo's disclosure of 500 million stolen accounts, one of the largest-ever data breaches, comes after months of dark-web chatter that indicated the company may be the next victim following Twitter, LinkedIn and Dropbox.
A recent incident involving a vendor using a Boston clinic employee's credentials to inappropriately access patient data via a regional health information exchange illustrates the potential risks involved as the use of HIEs continues to grow.
A group of cybersecurity policymakers recommends a series of steps the U.S. federal government and the private sector should take to ensure that the nation will have enough cybersecurity specialists in the coming decade.
Three recent criminal cases involving hospital insiders who allegedly committed a variety of fraud, identity theft or egregious privacy violations that victimized patients highlight just how difficult it is to mitigate insider threats.