Gaps in federal regulations concerning the security and privacy of health data falling outside HIPAA's umbrella are getting filled to some extent by various state laws. But that's creating additional challenges, says privacy attorney Kirk Nahra of the law firm WilmerHale.
The ISMG Security Report analyzes the latest updates on the Ukraine-Russia crisis and offers cyber resiliency tips for organizations. It also describes how the Conti ransomware group has hired TrickBot malware developers and revisits one of the largest ransomware attacks ever in the U.S.
The "weaponization of data" in cyberattacks - where cybercriminals not only deploy ransomware but threaten to release stolen data on the internet - has quickly become one of the biggest threats facing many healthcare sector entities, says Adam Meyers of CrowdStrike.
In 2019, 23 cities across Texas were struck by one of the largest ransomware attacks ever in the U.S. The attack, which involved the REvil ransomware, started with a compromised managed service provider. While the cities recovered quickly, the MSP sustained irreparable damage.
The latest edition of the ISMG Security Report features an analysis of takedowns of multiple Russian-language cybercrime markets and communities by Russian authorities. It also describes the role of cryptocurrencies in the banking sector and how the identity market will evolve in 2022.
You can see it in the headlines: Apps are a prominent vector for adversaries to get entry into organizations and access to the digital crown jewels. Daniel Shugrue of Digital.ai tells why "shift left" means far more than just testing software for vulnerabilities.
This edition of the ISMG Security Report analyzes what prosecutors say is the biggest cryptocurrency seizure in U.S. history as well as the biggest financial seizure. It also details how a school district CISO resigned over the district's handling of a severe data breach and busts Zero Trust myths.
Jeff Williams, co-founder and CTO of Contrast Security, says people have a right to know if the products they use are secure. It's difficult to tell if software is secure, he says, so companies need incentives to build good security programs, improve their software and disclose any flaws they find.
Michael Hamilton, CISO at security firm Critical Insight, discusses health data breach trends. The bad news: The number of major breaches reported to regulators in 2021 hit a record high. The good news: The rate of breaches reported last year compared to 2020 appears to be slowing down.
It is essential that entities across all industries - and especially in healthcare - better prepare every type and level of worker on how to respond to potentially devastating ransomware attacks, says privacy and security attorney Erik Weinick of law firm Otterbourg PC.
The latest edition of the ISMG Security Report features an analysis of how Russia's escalation in Ukraine is raising cyber defense alarms. It also describes how a Dark Overlord collaborator received a three-year prison sentence and shares tips for Zero Trust implementation.
As ransomware and other disruptive security incidents continue to surge, cyberattacks rank as the top health technology hazard in hospital environments this year, say security experts Chad Waters and Juuso Leinonen of patient safety organization ECRI.
Ravi Patil, director of product management and strategy at Broadcom, says partnering with customers to develop cybersecurity marketing "offers a markedly superior customer experience than a traditional vendor that might just sell the software and walk away until the contract is up."
Healthcare organizations must carefully scrutinize any implementation of applications, software suites and other technology platforms that could contain open-source code because of the risks - including potential patient safety issues - posed by these components, says attorney Steven Teppler.
The latest edition of the ISMG Security Report features an analysis of whether a new ransomware operation is a spinoff of the notorious REvil or simply copying the group's moves; how Maersk responded to the NotPetya wiper malware attack; and essential incident response skills.