Super Micro: Audit Didn't Find Chinese Spying Chip

Jeremy Kirk • December 14, 2018

Super Micro Computer says a third-party audit of its recent and older motherboards has not turned up evidence of a spying chip as alleged in an explosive report two months ago by Bloomberg BusinessWeek. Bloomberg, however, has stood by its story despite no physical example of the malicious chip turning up.

Breach Response

After Mega-Breach, Marriott May Pay for New Passports

Latest

Data Breach

A Second State Hits EmblemHealth With Breach Fine

Marianne Kolbasuk McGee • December 14, 2018

For the second time this year, health insurer EmblemHealth has been hit with a state financial penalty in connection with a 2016 breach that exposed Social Security numbers on mailings to more than 81,000 plan members.

Breach Response

Breach Response: When to Involve the Board and PR

Tom Field • December 14, 2018

In the wake of the recent Marriott and National Republican Congressional Committee data breaches, now is the time to get your board's attention regarding breach response and public disclosures. Attorney Mark Rasch offers insights for preparing and practicing response plans.

Artificial Intelligence & Machine Learning

How to Maximize Data Used to Fight Fraud

Tom Field • December 14, 2018

The data being used to drive effective anti-fraud efforts can be rich in context and useful for other activities. Jim Apger of Splunk describes emerging fraud schemes and solutions, highlighting the role of machine learning.

Fraud Management & Cybercrime

Mitigating Identity Deception

Tom Field • December 14, 2018

The fraudsters have more tools and information than ever at their disposal to pull off socially engineered schemes. But how can the victims turn the tables? Agari's Andrew Coyle discusses new tools and strategies to improve defenses.

Breach Response

Did China Hack Marriott, Or Is This Fake News?

Nick Holland • December 14, 2018

The latest edition of the ISMG Security Report features an analysis of the validity of reports that China is behind the massive Marriott data breach. Also: Fascinating details in a Congressional report on the Equifax breach, and a clear explanation of "self-sovereign identity."

Electronic Healthcare Records

HHS Seeks Feedback on Potential HIPAA Changes

Marianne Kolbasuk McGee • December 13, 2018

Will the Department of Health and Human Services' request for feedback on potential changes to HIPAA eventually result in modifications to the regulation, including certain provisions that touch on privacy and security issues? There's a long road to travel before any changes actually might get made.

Data Breach

HIPAA Case: Hospital Fined for Ex-Employee's Access to PHI

Marianne Kolbasuk McGee • December 12, 2018

In its third enforcement action in recent weeks, federal regulators have hit a Colorado medical center with a HIPAA fine in a case involving failure to terminate a former employee's remote access to patient data. Other organizations can use the case as a "teachable moment," one attorney advises.

General Data Protection Regulation (GDPR)

GDPR: 8,000 Data Breach Reports Filed So Far in UK

Mathew J. Schwartz • December 10, 2018

The U.K.'s privacy watchdog says that six months after enforcement of the EU's General Data Protection Regulation began, it's seen a dramatic increase in data breach reports - as well as privacy complaints from the public.

Artificial Intelligence & Machine Learning

A CISO's View on Analytics in Healthcare Security

Tom Field • December 10, 2018

The marketers would have us believe that machine learning and behavioral analytics are the keys to unlocking the future of healthcare information security. But Vikrant Arora, CISO of the Hospital for Special Surgery in New York, offers a more practical outlook.

3rd Party Risk Management

Healthcare Responds to Need to Improve Vendor Oversight

Tom Field • December 10, 2018

As regulators increasingly focus on third-party risk, healthcare organizations are entering more strategic partnerships with their critical vendors. And the effort is paying off with improved vendor risk management, says Mitch Parker, CISO of Indiana University Health System.

Cybersecurity

Why Banking Needed a New Cybersecurity Profile

Tom Field • December 10, 2018

The Financial Services Sector Coordinating Council recently unveiled the Cybersecurity Profile - a framework that integrates widely used standards and supervisory expectations to help financial institutions develop cyber risk management programs. Josh Magri of the Bank Policy Institute outlines key elements.

3rd Party Risk Management

Another Electronic Health Records Vendor Hacked

Marianne Kolbasuk McGee • December 7, 2018

Yet another cyberattack against a cloud-based electronic health records vendor has been revealed. This one involved a ransomware attack that potentially exposed data on 16,000 patients of a California eye clinic. What can healthcare organizations do to minimize vendor risks?