The Petya ransomware gang says it released 3,500 crypto keys that it stole - along with source code - from rival Chimera ransomware developers. If the keys are legitimate, security firms say they can build decryption tools for Chimera victims.
The nation's HIPAA enforcement agency has dramatically ramped up its issuance of breach-related financial penalties. In the ninth enforcement action of 2016, it slapped University of Mississippi Medical Center with a $2.75 million fine after a breach investigation revealed big security woes.
Mobile health applications, wearable fitness trackers and even social media sites are creating new privacy risks for health information because the data collected, shared and used falls outside the regulatory scope of HIPAA, says Lucia Savage of the Office of the National Coordinator for Health IT.
At the Black Hat event in Las Vegas later this month, researchers plan to reveal vulnerabilities in hooking engines, a critical component of security software and other applications, including Microsoft Office.
The federal agency that enforces HIPAA has been very busy lately, taking numerous steps to reiterate the importance of safeguarding patient data and stressing the need to prepare a breach response plan. But the agency still needs to improve transparency on breaches involving business associates.
Oregon Health & Science University says it has been slapped with a $2.7 million fine after HHS investigated two data breaches that affected a total of about 7,000 individuals. It's the eighth HIPAA-related settlement announced by HHS so far this year.
How low will ransomware go? New malware - dubbed Ranscam - demands bitcoins to unlock files, but in reality they've already been deleted, researchers warn. As always when it comes to defending against ransomware, preparation pays.
The Department of Health and Human Services' Office for Civil Rights has notified 167 covered entities they've been selected for remote "desk audits" of their HIPAA compliance. But the audits will focus on only a handful of requirements.
Most ransomware attacks result in a breach of protected health information that must be reported under HIPAA, according to newly released federal guidance for healthcare entities and business associates. But is the guidance clear enough?
The federal tally of major health data breaches shows that to-date in 2016, there have been more reported hacker incidents than during the first half of 2015. However, so far this year, those hacks appear to be affecting fewer individuals.
Security vendors are issuing warnings about two new types of dangerous Mac malware - Eleanor and Keydnap - which serve as a reminder that it's not just Windows users coming under fire from malicious software developers and tricksters.
Members of Congress have sent a letter to federal regulators saying that because ransomware attacks are "different" from other breaches in the healthcare sector, there's a need for new recommendations in upcoming government guidance.
In the first HIPAA enforcement action against a business associate, federal regulators have smacked a nonprofit organization with a $650,000 penalty following an investigation into a 2014 security incident affecting just 412 patients.
Ukraine's central bank has confirmed that one of the country's banks fell victim to a fraudulent SWIFT heist in April. This latest such attack revelation should spur all SWIFT-using banks to assume they've been hacked, until proven otherwise.
Would access to better information pertaining to encryption help Congress pass good crypto-related laws? That's the impetus behind a "Digital Security Commission" and a related report being hawked by some lawmakers.