Attorney Elizabeth Harding clears up confusion about certain provisions of the EU's General Data Protection Regulation, including the issue of when organizations need to obtain a European consumer's consent to process their data.
A case involving alleged insider theft of protected health information from a hospital in New York illustrates why healthcare organizations need to take extra precautions to prevent similar incidents. Security experts offer recommendations.
Lawsuits sparked by massive data breaches at Yahoo - and the company's failure to report those breaches to investors in a timely manner - could soon be resolved. Plaintiffs and defendants say they have committed to a $47 million deal that they expect to submit for court approval within 45 days.
More evidence that running cybercrime schemes remains inexpensive and accessible to anyone with criminal intent: To send spam emails, admitted botnet herder Peter Levashov quoted customers $500 for 1 million emails. And that was just his 2016 pricing.
Attack code known as EternalBlue, designed to exploit a Windows SMB flaw, continues to work for attackers despite Microsoft having issued patches more than a year ago. One major U.S. business was a recent victim as part of a cryptocurrency-mining malware campaign, a researcher reports.
A key amendment to Canada's Personal Information Protection and Electronic Documents Act goes into effect on Nov. 1. What are the baseline standards for compliance, and how does this change impact risk transfer and mitigation? Charlie Groves of CrowdStrike shares his views.
Making bigger advances in implementing nationwide health information exchange will require a multipronged effort, including getting patients more involved and using a variety of technical approaches, says Scott Stuewe, the new president and CEO of DirectTrust.
Intel has had a challenging time lately on the vulnerability front. It has issued yet another patch for its Management Engine after a researcher was able to extract two types of encryption keys. The problem was a repeat of one that Intel patched just last year.
Less than four months after GDPR enforcement began, Europe has arguably entered the modern data breach notification era. Reports of data breaches continue to increase, and breached organizations now face the specter of class-action lawsuits over material as well as non-material damages.
The new Apple Watch 4, which includes a sensor that can conduct an electrocardiogram, spotlights the emergence of consumer apps that appear to cross over into the territory of medical devices, raising potential cybersecurity concerns.
The Food and Drug Administration should increase its scrutiny of the cybersecurity of networked medical devices before they're approved to be marketed, a new government watchdog agency report says. FDA says it will carry out the report's recommendations.
Should Europe's "right to be forgotten" apply worldwide? That's the focus of a case before the EU's highest court, which has pitted proponents - including Austria and France - against Google, Microsoft and the European Commission, who argue that the EU law provision should only apply in Europe.
CISOs and CIOs must ensure their organizations plan for worst-case scenarios, conducting frequent "dry runs" of disaster recovery plans, says Tonguc Yaman, CIO of SOMOS, a New York Community Care Network, who formerly served as deputy CIO of Bellevue Hospital.