SIM hijacking attacks can result in account compromises by stealing one-time passcodes sent over SMS.

AT&T Sued Over $24 Million Cryptocurrency SIM Hijack Attacks

Jeremy Kirk • August 16, 2018

A cryptocurrency investor is suing AT&T for $240 million, alleging he lost $24 million in virtual currency after the carrier failed to stop two separate attacks where his phone number was commandeered by attackers. The incident highlights the dangers of using a phone number as an authentication channel.

Data Breach

China Hacking Underground Shows Rising Prowess

Latest

Breach Preparedness

Cyber Warnings About Certain Philips Medical Devices

Marianne Kolbasuk McGee • August 16, 2018

The Department of Homeland Security and Philips have issued alerts about cyber vulnerabilities that have been identified in some of the company's medical devices. Are device makers becoming more forthcoming about cyber issues?

Next-Generation Technologies & Secure Development

Analysis: Updates to STIX, TAXII Standards

Varun Haran • August 16, 2018

The STIX and TAXII standards for threat intel interchange have undergone a major upgrade to v2.0. LookingGlass CTO Allan Thomson, who's been closely involved in its development, describes the role of these enhanced standards.

Blockchain Applications

How Hackers Are Targeting Initial Coin Offerings

Jeremy Kirk • August 15, 2018

The proliferation of cryptocurrency and blockchain projects is posing enticing new opportunities for hackers, says Aleksandr Lazarenko of Group-IB.

Breach Preparedness

HHS OIG Finds Security Flaws in Maryland's Medicaid System

Marianne Kolbasuk McGee • August 15, 2018

Maryland's Medicaid system has "numerous significant" security weaknesses that need to be addressed, according to a federal watchdog agency. Earlier audits of other state Medicaid programs have yielded similar results

Business Continuity/Disaster Recovery

Should Staff Ever Use Personal Devices to Access Patient Data?

Marianne Kolbasuk McGee • August 14, 2018

When is it acceptable to allow healthcare workers to use their personal smartphones to access patient records? A recent incident at the Oklahoma Department of Veterans Affairs spotlights the dilemma.

Compliance

HIPAA Security Rule Turns 20: It's Time for a Facelift

Marianne Kolbasuk McGee • August 10, 2018

As the HIPAA security rule turns 20, it's time for regulators to make updates reflecting the changing cyberthreat landscape and technological evolution that's happened over the past two decades, says security expert Tom Walsh.

Application Security

New Privacy Issues for Amazon

Nick Holland • August 10, 2018

An analysis of the privacy issues Amazon will face as it dives deeper into the healthcare business leads the latest edition of the ISMG Security Report. Also featured: A preview of ISMG's Security Summit in New York Aug. 14-15.

Application Security

Numerous OpenEMR Security Flaws Found; Most Patched

Marianne Kolbasuk McGee • August 9, 2018

Nearly two dozen security weaknesses in OpenEMR - open source electronic medical record and practice management software - left patient data vulnerable to cyberattacks before most were patched, according to the London-based security research firm Project Insecurity.

Application Security

DevSecOps: The Keys to Success

Suparna Goswami • August 9, 2018

Although there's widespread agreement that addressing security early in the software development cycle is an essential component to any breach prevention strategy, implementing DevSecOps can prove challenging.

Cybersecurity

Bitfi Gets Pwnies Award for 'Lamest Vendor Response'

Mathew J. Schwartz • August 9, 2018

Hubris has a new name: Bitfi. The cryptocurrency wallet-building company, backed by technology eccentric John McAfee, earned this year's not-so-coveted Pwnies Award for "Lamest Vendor Response" for how it mishandled security researchers' vulnerability disclosures. Bitfi has promised to do better.

Data Breach

300,000 Records Found at Hospital Slated for Demolition

Marianne Kolbasuk McGee • August 8, 2018

Documents containing information on more than 300,000 patients were recently discovered on the former campus of a Missouri hospital that's being prepared for demolition four years after the hospital moved to new facilities. The incident illustrates the need to track all paper records that contain PHI.

Awareness & Training

Training to Improve Support of Product Security

Tom Field • August 8, 2018

The Forum of Incident Response and Security Teams recently announced the release of new training resources to help organizations build and improve product security incident response teams. Damir "Gaus" Rajnovic of FIRST discusses the global need for these resources.