In a groundbreaking effort, the attorneys general of a dozen states have jointly filed a federal lawsuit against a cloud-based electronic health records vendor that reported a 2015 data breach affecting 3.9 million individuals.
Federal regulators have slapped a company that provides contracted physicians to hospitals and nursing homes with a $500,000 HIPAA settlement in a breach case involving the lack of a business associate agreement with an individual providing billing services.
A severe vulnerability in Kubernetes, the popular open-source software for managing Linux applications deployed within containers, could allow an attacker to remotely steal data or crash production applications. Microsoft and Red Hat have issued guidance and patches; they recommend immediate updating.
One of the most significant cybersecurity challenges facing the healthcare sector is coming up with strategies that work for organizations of broadly varying sizes, says Mark Jarrett, M.D., of Northwell Health.
A failure to patch systems and slipups that lead to insider threats are two major causes of breaches in the healthcare sector that need to be urgently addressed, says Anahi Santiago of Christiana Care Health System.
Next to corporate communications that claim that "your security is important to us," any website post titled "security update" portends bad news. So too for question-and-answer site Quora, which says a hack exposed 100 million users' personal details, including hashed passwords and private content.
The Black Hat Europe information security conference returns to London, featuring 40 research-rich sessions covering diverse topics, including politically motivated cyberattacks, recovering passwords from keyboards thanks to thermal emanations, hacking Microsoft Edge and detecting "deep fakes."
A security review of two Medicaid managed care organizations in Arizona revealed several significant access control and configuration vulnerabilities, raising concerns about whether other MCOs face similar challenges.
Marriott's mega-breach underscores the challenges companies face in securing systems that come from acquisitions as well as simply storing too much consumer data for too long, computer security experts say. Meanwhile, the hotel giant has yet to answer many pressing data breach questions.
A formal security program that spells out precise governance components is critical to protecting sensitive data, says Vito Sardanopoli, who served on the U.S. Department of Health and Human Services Healthcare Industry Cybersecurity Task Force.
Because phishing attacks are so pervasive, aggressive staff educational efforts are essential, says Richard Conti of The Children's Hospital of Philadelphia, who also discusses other risk mitigation steps.
Will Marriott be the first organization that lost control of Europeans' personal data to feel the full force of the EU's General Protection Regulation? With GDPR in full effect since May, organizations with data security practices face the potential of massive fines.