Our goal with this report has always been to track the ever-shifting contours of the cyber-threat landscape and communicate what
we're seeing to our readers.
Generally speaking, the TLI is based on the premise that if organizations are seeing more threats more frequently, then things are
getting worse. If the...
The healthcare sector is making progress in moving from a reactive to a proactive approach to cybersecurity as it learns lessons from other sectors, including financial services, says Greg Garcia, executive director for cybersecurity at the Healthcare and Public Health Sector Coordinating Council.
Common data security mistakes made by many organizations including having a static security plan that doesn't evolve, focusing solely on compliance and not testing incident response plans, says Monique Kunkel of NTT Data Services.
Federal regulators have slapped a company that provides contracted physicians to hospitals and nursing homes with a $500,000 HIPAA settlement in a breach case involving the lack of a business associate agreement with an individual providing billing services.
One of the most significant cybersecurity challenges facing the healthcare sector is coming up with strategies that work for organizations of broadly varying sizes, says Mark Jarrett, M.D., of Northwell Health.
A failure to patch systems and slipups that lead to insider threats are two major causes of breaches in the healthcare sector that need to be urgently addressed, says Anahi Santiago of Christiana Care Health System.
Marriott's mega-breach underscores the challenges companies face in securing systems that come from acquisitions as well as simply storing too much consumer data for too long, computer security experts say. Meanwhile, the hotel giant has yet to answer many pressing data breach questions.
The latest version of the NIST Cybersecurity Framework - Version 1.1 - includes more information on supply chain risk management, authentication, authorization, identity proofing and self-assessing cybersecurity risk management, says Matthew Barrett of the National Institute of Standards and Technology.
French film production and distribution company Pathe fired the two senior managers overseeing its Dutch operations after they fell victim to a business email compromise scam and approved $21 million in transfers to fraudsters. Many organizations remain at high risk from such scams.
According to the 2017 Identity Theft Resource Center (ITRC) Data Breach Report, healthcare was the second most significant contributing industry to overall data breaches with 334 breaches reported. Data breaches are crippling to any business, but are extra hard on healthcare organizations, considering the vast amount...
Georgia quietly fixed two flaws in its voter registration website that could have exposed personal information. How the secretary of state's office discovered the flaws and reacted suggests it may have erred when making a sensational accusation against the Democrats on the eve of the U.S. midterm elections.
Months after the New Jersey attorney general's office smacked a medical practice with a hefty penalty for a 2016 breach, the office has signed a $200,000 settlement with the group's business associate that was responsible for the incident and banned its owner from managing or owning a business in the state.
After an initial effort got off to a rocky start, the Department of Health and Human Services has started over, making a second attempt at launching a cyber coordination center that aims to help the healthcare sector improve its defenses and boost information sharing. Will the latest effort prove successful?
An advisory council is again urging the Department of Health and Human Services to allow certain donations of cybersecurity technology and services to smaller healthcare providers. Greg Garcia of the council, who will keynote ISMG's upcoming Healthcare Security Summit in New York, explains why.