Should Staff Ever Use Personal Devices to Access Patient Data?

Marianne Kolbasuk McGee • August 14, 2018

When is it acceptable to allow healthcare workers to use their personal smartphones to access patient records? A recent incident at the Oklahoma Department of Veterans Affairs spotlights the dilemma.

Awareness & Training

Why Third-Party Risk Management Is a Top Priority for CISOs

Latest

Data Breach

AT&T Sued Over $24 Million Cryptocurrency SIM Hijack Attacks

Jeremy Kirk • August 16, 2018

A cryptocurrency investor is suing AT&T for $240 million, alleging he lost $24 million in virtual currency after the carrier failed to stop two separate attacks where his phone number was commandeered by attackers. The incident highlights the dangers of using a phone number as an authentication channel.

Data Breach

Intel Has a New Speculative Execution Issue: Foreshadow

Jeremy Kirk • August 15, 2018

The Meltdown and Spectre attacks from earlier this year showed how the quest to make CPUs run faster inadvertently introduced serious security vulnerabilities. Now, researchers have unveiled a new attack called Foreshadow that builds on those findings, affecting millions of Intel processors made over the past five...

ATM Fraud

FBI Warns Of Pending Large Scale ATM Cashout Strike

Jeremy Kirk • August 14, 2018

The FBI warns that cybercriminals are planning a large-scale operation aimed at emptying ATMs, a type of attack that has caused swift and costly losses for financial institutions. The attack may utilize data from a breach of an unknown card issuer, the FBI says.

Data Breach

D-Link Routers In Brazil Fall To DNS Tampering

Jeremy Kirk • August 13, 2018

Cybercriminals in Brazil have capitalized on older vulnerabilities in D-Link routers for financially motivated phishing attacks. The attackers changed DNS settings to use their own malicious DNS server, allowing for seamless shifts to phishing sites.

Anti-Malware

Are Legacy Medical Device Security Flaws Going Unfixed?

Marianne Kolbasuk McGee • August 13, 2018

Many medical device makers appear to building better cybersecurity into their products, but some manufacturers are still avoiding fixing vulnerabilities in legacy devices that pose potential safety risks, says security researcher Billy Rios, who discusses the latest flaws in some Medtronic cardiac devices.

Endpoint Security

Tracking Cybersecurity Threats in Manufacturing

Nick Holland • August 13, 2018

With the rise of the industrial internet of things comes a far broader attack surface in the manufacturing sector. Chris Morales of Vectra outlines findings of a new report on cyberattack trends in the manufacturing sector.

Compliance

HIPAA Security Rule Turns 20: It's Time for a Facelift

Marianne Kolbasuk McGee • August 10, 2018

As the HIPAA security rule turns 20, it's time for regulators to make updates reflecting the changing cyberthreat landscape and technological evolution that's happened over the past two decades, says security expert Tom Walsh.

Application Security

New Privacy Issues for Amazon

Nick Holland • August 10, 2018

An analysis of the privacy issues Amazon will face as it dives deeper into the healthcare business leads the latest edition of the ISMG Security Report. Also featured: A preview of ISMG's Security Summit in New York Aug. 14-15.

Application Security

Numerous OpenEMR Security Flaws Found; Most Patched

Marianne Kolbasuk McGee • August 9, 2018

Nearly two dozen security weaknesses in OpenEMR - open source electronic medical record and practice management software - left patient data vulnerable to cyberattacks before most were patched, according to the London-based security research firm Project Insecurity.

Application Security

WhatsApp: Check Point's Flaw Findings Don't Merit Patches

Jeremy Kirk • August 9, 2018

Check Point says it has found three ways to falsify messages in WhatsApp, which it claims could be employed by scammers and used to spread fake news. WhatsApp acknowledges the findings, but it will not engineer patches.

Application Security

DevSecOps: The Keys to Success

Suparna Goswami • August 9, 2018

Although there's widespread agreement that addressing security early in the software development cycle is an essential component to any breach prevention strategy, implementing DevSecOps can prove challenging.

Cybersecurity

Bitfi Gets Pwnies Award for 'Lamest Vendor Response'

Mathew J. Schwartz • August 9, 2018

Hubris has a new name: Bitfi. The cryptocurrency wallet-building company, backed by technology eccentric John McAfee, earned this year's not-so-coveted Pwnies Award for "Lamest Vendor Response" for how it mishandled security researchers' vulnerability disclosures. Bitfi has promised to do better.