An army of 40,000 small office/home office routers has been exploited by automated malware. But who's responsible for devices being vulnerable: vendors for using well-known defaults, or distributors and IT managers for not locking them down?
Security vulnerabilities in certain infusion pumps manufactured by Hospira could allow an unauthorized user to alter the dose the devices deliver, the FDA warns. Just a few months ago, the FDA issued a medical device security guide.
An amended version of the 21st Century Cures bill has passed its first Congressional hurdle without revisions to provisions that would significantly change the HIPAA Privacy Rule. The bill also would set penalties for blocking information sharing.
The FTC will not call a witness to refute damaging testimony by a former employee of Tiversa, the firm at the center of the FTC's security case against medical testing company LabMD. The case could proceed to closing arguments in the coming weeks.
Fraudsters have been hacking into and draining Starbucks accounts, customers report. Security experts say attackers appear to be guessing weak account passwords, then using funds to fill up gift cards destined for the black market.
President Obama is strongly urging the House and Senate to pass the USA Freedom Act, a bipartisan bill that would ban the National Security Agency's bulk collection of metadata on American citizens' telephone calls.
Automating the process of excising personally identifiable information when sharing data is a challenge that the Defense Advanced Research Projects Agency hopes to overcome. DARPA will spend up to $60 million to fund projects to address the problem.
Some privacy experts are concerned that a proposed "21st Century Cures" bill would weaken HIPAA privacy protections for patient data. The measure is designed to help speed up the development of new drugs and treatments.
Legal experts say the majority of class-action lawsuits filed in response to data breaches fail, and that's unlikely to change unless lawmakers or the courts rethink notions of "injury" and "harm" to encompass more than just fraud.
Testimony in the FTC's data security case against LabMD raises questions about the credibility of sources and evidence that the commission relies on in its pursuit of data security enforcement actions. But what will happen next in this case?