Ransomware attacks against hospitals are becoming commonplace this year, with at least five incidents revealed in recent weeks. What steps can organizations take to avoid falling victim to these attacks?
In many enterprises, the CISO reports to the CIO, and occasionally you find a CIO who reports to the CISO. But Venafi's Tammy Moskites holds both roles. How does she manage the natural tension between IT and security?
Although the battle over whether the courts should compel Apple to help the FBI unlock the iPhone used by one of the San Bernardino shooters is on hold for now, the debate over the privacy issues involved isn't going away, says Greg Nojeim of the Center for Democracy and Technology.
A dearth of actuarial data stymies the growth of the cyber insurance market, experts told Congress at a March 22 hearing. A repository of such data would provide more information to support creation of policies and help enterprises gain a better understanding of the risks they face, they testified.
HHS says it has launched "phase two" of its HIPAA compliance audit program, portraying this as another interim step toward a permanent program. But will Congress ever approve enough funding to ramp up audits?
The Department of Justice has been granted a delay of a March 22 hearing relating to a court order compelling Apple to help the FBI unlock the iPhone 5C issued to San Bernardino shooter Syed Rizwan Farook. That's because it says it may have found a way to unlock the phone without Apple's assistance.
Smaller hospitals and clinics must avoid the common mistake of thinking they won't fall victim to cyberattacks, warns risk management expert Tom Andre, vice president of information services at the Cooperative of American Physicians.
The White House has yet to announce who will be the government's first CISO, a position President Obama announced six weeks ago. In this audio report, experts weigh in on whether there's enough time left for the new information security leader to be effective before the president's term ends.
A watchdog agency's audit of the Department of Veterans Affairs makes nearly three dozen recommendations for how the VA should address "material weakness" in its information security program. The VA's CIO tells Congress all the issues raised will be addressed by the end of next year.
In revised guidance, the National Institute of Standards and Technology cautions enterprises to assume that "external environments contain hostile threats" as they establish programs to allow employees and contractors to remotely access critical systems.
Federal regulators have imposed a $1.55 million penalty on a Minnesota healthcare system as part of a settlement following an investigation of a breach involving a business associate. The vendor has already been sanctioned by two other government entities for the same stolen laptop incident.
Attackers have targeted an unknown number of Russia's 700 banks with bogus security-alert emails. The combination of official-looking infrastructure and digitally signed malware recalls the Anthem attack, among other campaigns.
Although most breach-related class action lawsuits fail, a multimillion dollar settlement of a suit stemming from a data breach at St. Joseph Health System in California illustrates how egregious breaches can have serious financial consequences.
Apple has unloaded another blistering legal response to the Justice Department over the court order obtained by the FBI that requires the company to help unlock an iPhone used by one of the San Bernardino shooters.