Hacking incidents - including ransomware attacks - continue to be the most common type of health data breaches added to the federal tally this year. And the ongoing COVID-19 crisis will put healthcare organizations at heightened risk for such incidents in the months to come, some experts predict.
Darkside is the latest ransomware operation to announce an affiliate program in which a ransomware operator maintains crypto-locking malware and a ransom payment infrastructure while crowdsourced and vetted affiliates find and infect targets. When a victim pays, the operator and affiliate share the loot.
A medical device maker has sued an IT vendor in the wake of an email server migration mishap that exposed the health data of more than 277,000 individuals. The case illustrates the complexities of vendor risk management - especially after mergers and acquisitions.
Cybersecurity is poised to become a higher White House priority when President-elect Joe Biden takes office. And he's expected to renew key international relationships needed in the fight against cyberattacks.
Inadequate database and privileged account monitoring, incomplete multifactor authentication and insufficient use of encryption: Britain's privacy regulator has cited a raft of failures that contributed to the four-year breach of the Starwood guest reservation system discovered by Marriott in 2018.
California voters passed Proposition 24, the California Privacy Rights Act, on Nov. 3, which expands upon the recently activated California Consumer Privacy Act specifically when it comes to enforcement and how businesses handle personal data.
Federal regulators have slapped health insurer Aetna with a $1 million HIPAA settlement for three 2017 breaches - including a mailing incident that exposed HIV information - that occurred within six months.
Dr. Reddy's Laboratories, a multinational pharmaceutical company based in India that's testing a COVID-19 vaccine, says it isolated its data center services Thursday following what it calls a "detected cyberattack."
An indictment unsealed this week demonstrates the degree to which Western intelligence agencies have apparently been able to infiltrate the Russian intelligence apparatus to trace attacks back to specific agencies - and individual operators. Shouldn't Russian spies have better operational security?
VMware Carbon Black is out with its latest Global Incident Response Threat Report, which describes "the perfect storm" for increasingly sophisticated attacks heading into 2021. Cybersecurity strategist Tom Kellermann discusses what that means - and how these trends should inform our defensive strategies.
A security researcher recently discovered an unsecure Elasticsearch database cluster exposed on the internet that contained transcripts of sensitive voicemail messages, including some for medical clinics and financial service companies.
As ransomware continues to slam organizations, a lively debate has ensued about whether ransom payments should be banned in all cases. Attempting to ban ransom payments, however, likely would only make the problem worse.
Stop me if you think that you've heard this one before: The U.S., U.K. and some allied governments are continuing to pretend that criminals will get a free pass - and police won't be able to crack cases - so long as individuals and businesses have access to products and services that use strong encryption.
Plaintiffs in the patent infringement case Centripetal Networks v. Cisco Networks won the day thanks to clear testimony and using Cisco's own technical documents in unaltered form. By contrast, the judge slammed Cisco for offering disagreeing witnesses and attempting to focus on old, irrelevant technology.