Two of the hacker masterminds behind the notorious SpyEye malware have each received lengthy prison sentences after pleading guilty to related charges in U.S. federal court. But alleged Zeus creator and accomplice Evginy Bogachev remains at large.
A North Carolina orthopedic clinic will pay a $750,000 penalty as part of a breach-related federal settlement involving the release of 17,300 X-ray films containing patient information to a vendor without having a business associate agreement in place, as required under HIPAA.
Does a federal appellate court's decision allowing a breach-related class-action lawsuit against restaurant chain P.F Chang's to move forward - and a similar, earlier decision in a case against Neiman Marcus - signal a change in tide for post-breach lawsuits? Legal experts offer widely varying opinions.
A former pharmaceutical company manager faces sentencing in July after pleading guilty to criminal HIPAA violations for his part in a complex fraud scheme involving drug maker Warner Chilcott. Why are criminal HIPAA cases so rare?
A jury's decision to award $940 million in damages to electronic health records software vendor Epic Systems, which had sued India's Tata Consultancy Services alleging theft of trade secrets, serves up lessons about the importance of restricting access to all sensitive data, including intellectual property.
Attackers have been exploiting JBoss application servers to install remote-control web shells as part of a campaign that targets enterprises with network-hopping SamSam (a.k.a. Samas) ransomware, researchers at Cisco Talos warn.
A cybercrime gang has been using new malware to target business customers of banks in the United States and Canada and steal millions of dollars, primarily from business accounts, researchers at the IBM X-Force security group warn.
Russian authorities have reportedly sentenced Dmitry "Paunch" Fedotov, the developer of the notorious Blackhole exploit kit that's been linked to large amounts of fraud, to seven years in prison - an unusually severe sentence for online crime in that nation.
A data security incident at the American College of Cardiology, which potentially affected nearly 98,000 patients at 1,400 medical institutions, points to the need to refrain from using real patient data in test environments as well as the importance of properly securing those environments.
Keith Alexander, former National Security Agency director, and Patrick Gallagher, who once headed the National Institute of Standards and Technology, will join Ajay Banga, chief executive of MasterCard, on the new Commission on Enhancing National Cybersecurity.
By a 28-0 vote, the House Judiciary Committee has approved legislation to require law enforcement to obtain a warrant before compelling third-party providers, including those offering cloud services, to surrender their customers' email and text content.
Is it ever acceptable for ransomware victims to pay a ransom to obtain the decryption key required to restore access to their data? Due to poor preparation, many organizations continue to face that question.
Backed by its own logo, Badlock refers to a set of critical Samba vulnerabilities in Windows and most Unix/Linux operating systems, which attackers could exploit to launch man-in-the-middle attacks against corporate networks.
Recent data breaches in Washington state and Florida illustrate that government health agencies can be just as vulnerable to security incidents involving sloppy breach prevention or detection practices as healthcare organizations in the private sector.