In its second HIPAA settlement revealed this week, federal regulators smacked a New York-based medical research institute with a multimillion dollar penalty after investigating a breach tied to the theft of an unencrypted laptop containing data on several thousand patients and participants in a research project.
In revised guidance, the National Institute of Standards and Technology cautions enterprises to assume that "external environments contain hostile threats" as they establish programs to allow employees and contractors to remotely access critical systems.
Attackers have targeted an unknown number of Russia's 700 banks with bogus security-alert emails. The combination of official-looking infrastructure and digitally signed malware recalls the Anthem attack, among other campaigns.
Apple has unloaded another blistering legal response to the Justice Department over the court order obtained by the FBI that requires the company to help unlock an iPhone used by one of the San Bernardino shooters.
A new report suggests that a Chinese cyber espionage APT attack group is behind a string of targeted ransomware infections that have slammed U.S. firms. Dig into the details, however, and the report is nothing but speculation, two security experts caution.
The HHS Office for Civil Rights is moving too slowly in issuing HIPAA guidance related to mobile health apps, cloud storage and other emerging technologies, according to a bipartisan group of congressmen. Does OCR have too much on its plate?
In a filing rebutting Apple's appeal of a court order requiring the company to help the FBI unlock the iPhone used by a shooter in the San Bernardino massacre, the Justice Department says Apple's rhetoric is "false" and "corrosive" to the institution that safeguards Americans' liberties and rights.
The nonstop pace of "Apple vs. FBI" updates and related crypto debates seemed to exceed both the U.S. government's and the information security industry's advanced persistent spin-cycles at this year's RSA Conference.
A laptop stolen from a locked office of an Indiana-based physician group practice may be the largest breach involving an unencrypted computing device reported so far this year. But the HHS breach tally seems to indicate that healthcare providers are making progress in preventing such breaches.
Webroot has just released its 2016 edition of its annual threat brief. In an exclusive interview, Michael Malloy, executive vice president of products and strategy, discusses the report and how its key findings will likely play out in the year ahead.
Virginia Gov. Terry McAuliffe has a message for state leaders across the nation: Cybersecurity has to be a top item on their policy platforms. And, by the way, he very much intends to make Virginia the cyber capital of the United States.
Apple's standoff with the U.S. government is creating a healthy debate about whether federal investigators, under certain circumstances, should have the right to circumvent the security functions of smartphones and other devices, says cybersecurity attorney Chris Pierson.
Healthcare organizations must take several important steps to protect their environments against ransomware attacks, says Mac McMillan, CEO of the security consulting firm CynergisTek. He outlines key measures in this interview.
The discovery of a serious flaw in Linux's GNU C Library demonstrates just how long serious flaws can persist in code that underpins the Internet infrastructure, warns Dan Kaminsky of White Ops in this video interview.
From the moment the RSA Conference 2016 launched, speakers began debating the merits of the Apple/FBI case. Eminent cryptographers, NSA Director Mike Rogers and U.S. Attorney General Loretta E. Lynch all offered related opinions.