In its sixth HIPAA resolution agreement so far in 2015, the HHS Office for Civil Rights has announced a settlement with the University of Washington Medicine that includes a $750,000 penalty. It's the first HIPAA enforcement case stemming from the investigation of a phishing-related breach.
Twitter has issued its first-ever alerts to some users that they may have been "targeted by state-sponsored actors." Some cryptographers, software developers and security experts say they have received the alerts.
The recent discovery of stacks of paper patient records in dumpsters at an Ohio recycling center offers an important reminder: Any effort to safeguard patient information must include not just high-tech breach prevention measures but also proper policies on the disposal of paper records.
Two new malware reports - one from security researchers at technology giant Cisco, another from cybersecurity firm FireEye - demonstrate how developers continue to refine malicious code to maximize information-stealing and extortion potential.
A federal audit of three California Medi-Cal (Medicaid) managed care organizations found dozens of "high risk" security control vulnerabilities. But security experts say the problems identified, unfortunately, are common throughout the healthcare sector.
A former U.S. State Department employee has pleaded guilty to running a "sextortion" scheme from the U.S. Embassy in London that was designed to compel young women to share sexually explicit photographs, according to the FBI.
A former member of the NullCrew hacking group has pleaded guilty to participating in attacks against several organizations, including Bell Canada, Comcast and the U.K.'s Ministry of Defense, which the gang claimed to have exploited via SQL injection flaws.
Wyndham Worldwide Corp. has agreed to a settlement with the FTC over charges stemming from the hotel chain's three security breaches in 2008 and 2009 that exposed 619,000 payment cards and other personal information.
The Data Security Act of 2015, approved by the House Financial Services Committee, would create a national data breach notification requirement and spell out data security standards businesses must follow, usurping 47 state laws.
Another healthcare organization has disclosed that the FBI has detected a cyberattack on its computer network exposing information about its patients. Security experts expect more alerts from the FBI and call on organizations to ramp up breach detection.
Australian police have raided the Sydney home of cryptographer and entrepreneur Craig Wright, who's been named as being the suspected creator of the bitcoin cryptocurrency. Has the real "Satoshi Nakamoto" finally been unmasked?
Hundreds of millions of PCs are at risk of being remotely exploited, after a security researcher released proof-of-concept exploit code for separate, newly discovered flaws in software preinstalled on systems by Dell, Lenovo and Toshiba.
Following the shootings in San Bernardino, Calif., which left 14 people dead, President Obama used an Oval Office address to call on technology firms to help law enforcement agencies better monitor "the flow of extremist ideology."
Dorkbot - one of the world's most prevalent crimeware toolkits - has been disrupted by an international law enforcement and security research firm effort. But similar previous disruptions have failed to eradicate the malware.
In yet another HIPAA enforcement action by a state attorney general, the New York AG has fined the University of Rochester Medical Center after a nurse practitioner gave patients' information to her future employer without getting the patients' permission.