Don't forget to lock down online shared code repositories, as Mercedes-Benz parent company Daimler AG learned the hard way after a researcher was able to access nearly 9 GB of software development documentation from a misconfigured GitLab repository.
As COVID-19 rages and technology firms race to develop contact-tracing apps and other digital tools to help contain the spread, congressional Democrats have followed Republicans in introducing privacy legislation aimed at protecting consumer data collected during public health emergencies.
Security experts and law enforcement officials have long argued that paying ransoms doesn't pay. For starters, it directly funds the cybercrime ecosystem and makes it attractive for criminals to keep launching ransomware attacks.
Phishing scams continue to be a leading cause of health data breaches so far this year. But the theft of unencrypted laptops led to the biggest breach reported in 2020, and an insider breach involving a physician exposed data on thousands of patients.
The Federal Trade Commission is assessing whether to make changes to a seldom-used, decade-old health data breach notification rule for certain technology vendors that do not fall under the umbrella of HIPAA.
In honor of World Password Day, here's a task for every organization that uses remote desktop protocol: Ensure that all of your organization's internet-facing RDP ports have a password - and that it's complex and unique.
Federal regulators are alerting healthcare organizations about an array of coronavirus-themed cyberthreats. Plus, they're advising them to avoid potential HIPAA privacy violations involving unauthorized disclosures of patient information to news outlets during the COVID-19 crisis.
Despite the need to battle COVID-19, several nations' in-development digital contact-tracing apps are already dogged by security and privacy concerns. Whether enough users will ever trust these apps to make them effective remains a major question. Is it too late to get more projects back on track?
Forget "whitelists" and "blacklists" in cybersecurity. So recommends Britain's National Cyber Security Center, in a bid to move beyond the racial connotations inherent to the terminology. Henceforth, NCSC - part of intelligence agency GCHQ - will use the terms "allow list" and "deny list." Will others follow?
Technology is no panacea, including for combating COVID-19. While that might sound obvious, it's worth repeating because some governments continue to hype contact-tracing apps. Such apps won't magically identify every potential exposure. But they could make manual contact-tracing programs more effective.
A shareholder has filed a lawsuit against LabCorp and 12 of its executives and directors - including the medical testing company's CIO - over two data breaches, including the 2019 breach of one of its vendors, American Medical Collection Agency, which affected millions of patients.
Nearly 10 months after Facebook and the FTC agreed to a record-setting $5 billion settlement over misuse of user data, a federal judge has finally signed off on the deal, while questioning the adequacy of laws governing major technology firms.
As the COVID-19 pandemic continues, Britain's privacy watchdog has signaled that although privacy rights and transparency - as enshrined under GDPR - remain paramount, it will take a more "flexible" regulatory approach. But this is no data breach "get out of jail" card, legal experts warn.
Three recently disclosed health data security incidents - including the discovery of a large email hack that happened nearly a year ago - serve as reminders of the ongoing incident response challenges facing healthcare organizations. And these difficulties are likely to worsen during the COVID-19 crisis.
Alongside the sad and vast expense of legitimate claims, it is an unfortunate fact that in times of economic hardship, people have a history of taking any opportunity to exploit financial institutions for ill-gotten gain.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing careersinfosecurity.com, you agree to our use of cookies.