If intelligence or law enforcement agencies know that an organization's information systems are being attacked, when should they alert the victim, if at all? What if the victim is a political party? Here's a look at the issues raised by the Democratic National Committee hack investigation.
The recent cyberattack on Banner Health Care, which may have compromised information on as many as 3.7 million individuals, appears to be the largest healthcare data breach reported so far in 2016 - a year that's already seen a string of disturbing hacker attacks. Here's an overview of recent cyberattack trends.
Russia, which some have blamed for attacks against the Democratic Party in the U.S., has offered a detailed description of coordinated cyberattacks against its scientific, public authority and military institutions. Is the announcement a tit-for-tat move after the charges of Russian involvement in U.S. hacks?
New federal guidance that describes processes in the current round of HIPAA compliance audits - which could lay the foundation for future rounds of audits - illustrates the massive amount of documentation demanded for these "desk audits."
The nation's HIPAA enforcement agency has dramatically ramped up its issuance of breach-related financial penalties. In the ninth enforcement action of 2016, it slapped University of Mississippi Medical Center with a $2.75 million fine after a breach investigation revealed big security woes.
The GOP platform - adopted at the convention that nominated Donald Trump for president - doesn't mention the term 'hack back' but states: "We ... make clear that users have a self-defense right to deal with hackers as they see fit." Some cybersecurity experts claim the platform encourages "cowboy" justice.
The Chinese government likely was responsible for the hacking of computers at the Federal Deposit Insurance Corp. in 2010, 2011 and 2013, according to a new congressional report. Also, a new audit from the FDIC inspector general criticizes the agency for continued lax information security practices.
Most ransomware attacks result in a breach of protected health information that must be reported under HIPAA, according to newly released federal guidance for healthcare entities and business associates. But is the guidance clear enough?
Omni Hotels & Resorts is warning customers that for six months, hackers infiltrated its networks and used point-of-sale malware to steal payment card data. One security expert says more than 50,000 stolen cards have been sold by a hacker called JokerStash.
Would access to better information pertaining to encryption help Congress pass good crypto-related laws? That's the impetus behind a "Digital Security Commission" and a related report being hawked by some lawmakers.
Preparing for data breaches - to detect them quickly, respond appropriately and ascertain exactly what happened - can help make the difference between a security incident having major or minor repercussions, says CrowdStrike CEO George Kurtz.
While awaiting new guidance from the HHS Office for Civil Rights, healthcare organizations can take several steps to help determine whether a ransomware attack is a reportable breach under HIPAA, says compliance attorney Betsy Hodge.
The theft of an unencrypted laptop that may have contained information on up to 400,000 inmates who served time in California prisons has been added to the federal tally of health data breaches. Experts say notifying all those potentially affected could prove challenging.
MySpace has confirmed it is resetting millions of accounts affected by the release of 360 million usernames, email addresses and passwords. According to one expert, more of these types of big breach announcements may be coming.
Since California passed its pioneering data breach notification law in 2003, many other states and some countries have followed suit. Here's a closer look at the status of breach notification requirements in four regions.