Leo Scanlon, deputy CISO at the U.S. Department of Health and Human Services, will take a lead role as HHS sharpens its ongoing focus on cybersecurity issues, an effort that will continue under the Trump administration, he explains.
A 2015 incident involving unauthorized access to a database that healthcare professionals use to check insurance eligibility of patients appears to have resulted in a breach affecting 220,000 individuals, according to just-released details.
Critical issues that must be addressed to pave the way for broader exchange of health information are expanding the use of multifactor authentication and data encryption and making broad improvements in identity management, says David Kibbe, M.D., president and CEO of DirectTrust.
Hackers have apparently hijacked potentially thousands of vulnerable MongoDB databases and demanded ransoms for the return of critical data, with some victims paying up, according to security researchers.
The lack of a smoking gun - absolute certainty - has some security experts not entirely convinced that the Russians or their backers hacked Democratic Party computers in an attempt to sway the U.S. presidential election.
Over the years, HHS has released several guidance documents, but all are weak and without mandates as it relates to identity management and authentication of entities accessing protected health information. Guidance typically includes words like "may" and "should," but rarely include words like "shall" or "must."
In the latest sign that when it comes to data, absolutely nothing is sacred, hackers have set their sights on fans of Kentucky Fried Chicken, and in particular 1.2 million members of its Colonel's Club loyalty program in the U.K. and Ireland.
Coming soon to an internet service provider near you: routers infected by IoT device botnet-building malware such as Mirai. The latest victim is ISP TalkTalk, which is updating routers to block DDoS attackers who have been seizing control of the devices.
Acknowledging the urgent IT security challenges the nation faces, a cybersecurity commission named by President Barack Obama encourages the incoming administration to adopt some of its recommendations in the first 100 days of Donald Trump's presidency.
Last month, the FFIEC issued an FAQ about its Cybersecurity Assessment Tool, reiterating that use of the tool is voluntary. But some critics say regulators are still questioning institutions about their use of the tool during IT examinations, meaning its use is not truly voluntary.
The success of Operation SAMBRE, a global cybercrime investigation into the theft of billions of dollars from banks throughout the world, proves why information sharing between law enforcement and the private sector is key to battling cybercrime.