In light of rising tensions between the U.S. and Iran, the Association of Executives in Healthcare Information Security recently issued new data security guidance to help the healthcare sector prepare for potential nation-state attacks, says CISO Christopher Frenz, one of the document's authors.
Mitsubishi Electric says hackers exploited a zero-day vulnerability in its anti-virus software, prior to the vendor patching the flaw, and potentially stole trade secrets and employee data. The Japanese multinational firm announced the breach more than six months after detecting it in June 2019.
Alphabet and Google CEO Sundar Pichai is supporting an EU proposal for a temporary ban on the use facial recognition technology in public areas and is calling for government regulation of artificial intelligence.
Citrix has released the first of several patches that address a vulnerability in its Application Delivery Controller and Gateway products that was discovered by researchers in December. If left unpatched, the vulnerability is remotely exploitable and could allow access to applications and internal networks.
Microsoft says it's prepping a patch to fix a memory corruption flaw in multiple versions of Internet Explorer that is being exploited by in-the-wild attackers, and it's issued mitigation guidance. Security firm Qihoo 360 says the zero-day flaw has been exploited by the DarkHotel APT gang.
A bipartisan group of U.S. senators has introduced legislation that would require the Department of Homeland Security to appoint cybersecurity leaders in each state to help combat growing cyberthreats against units of local government.
Are ransomware shakedowns against healthcare entities taking an even uglier turn? In a recent attack against a Florida-based plastic surgery practice, hackers exfiltrated patients' medical records and threatened to leak them unless both the clinic and patients paid ransoms.
The FBI has created a new policy to give "timely" breach notifications to state and local officials concerning election hacking and foreign interference. The updated guidelines look to correct some of the mistakes in the run-up to the 2016 presidential election.
P&N Bank in Perth, Australia, says a server upgrade gone wrong led to the breach of sensitive personal information in its customer relationship management system. The incident is another example how organizations can be imperilled by mistakes on the part of their suppliers.
The latest edition of the ISMG Security Report discusses why Britain is struggling to determine whether to use China's Huawei technology in developing its 5G networks. Plus: An update on a mobile app exposing infant photos and videos online and an analyst's take on the future of deception technology.
A day after the NSA disclosed a significant vulnerability that could affect the cryptographic operations in some versions of Windows, security researchers started releasing "proof of concept" code designed to show how attackers potentially could exploit the flaw. This highlights the urgency of patching.
Iranian-led disinformation campaigns and other cyberthreats against the U.S. are likely to surge in the aftermath of Iranian Major General Qasem Soleimani's death, security and political experts told a House committee Wednesday. That's why federal agencies need to shore up their defenses.
HHS has issued a draft of a five-year strategic health IT plan that is largely focused on providing patients with secure access to their health information as well as supporting secure, interoperable health information exchange among providers.
A federal judge in Atlanta has given final approval to a settlement that resolves a class action lawsuit against credit bureau Equifax, which in 2017 suffered one of the largest data breaches in history. The minimum cost to Equifax will be $1.38 billion.