FDA official Suzanne Schwartz, M.D., expects more medical device security vulnerabilities to come to light in the year ahead. The FDA soon will issue new guidance addressing the cybersecurity of medical devices already in use.
The HHS Office for Civil Rights is getting closer to resuming the HIPAA compliance audit program, says OCR Director Jocelyn Samuels. Plus, OCR has completed another major breach-related settlement, and it's firming up plans for several new compliance-related initiatives.
The U.S. Office of Personnel Management promises that it will soon notify 21.5 million individuals that their background-check information was breached. Meanwhile, the government has lined up notification and response services for future needs.
Government agencies used to be the top attack target, as well as the top source of threat intelligence. How did the private sector turn the tables, and what can government do to improve? Rapid7's Wade Woolwine offers insight.
More hackers are exploiting remote-access and network vulnerabilities, rather than installing malware to invade networks and exfiltrate data, says Dell SecureWorks' researcher Phil Burdette. That's why conventional breach-detection tools aren't catching the intrusions.
Policymakers must consider three factors before imposing sanctions in retaliation for state-backed hacks: Confidence in its attribution of responsibility, the impact of the incident and the levers of national power at a state's disposal.
When it comes to healthcare payments, fraud tends to come in two flavors: Organized and opportunistic. What are the biggest gaps in detecting and preventing these schemes? IBM's Robert McGinley shares insight.
If malware infections and data breaches are inevitable, then why should organizations even try to be proactive? Isn't a reactive stance more appropriate? Not so, says Marcin Kleczynski, CEO of Malwarebytes.
Underground cybercrime forums continue to evolve, offering services ranging from cybercrime toolkits and money laundering to bulletproof hosting and a service that reviews exfiltrated data for corporate secrets, says cybersecurity analyst Tom Kellermann of Trend Micro.
The departure of Noel Biderman as CEO of Avid Life Media, parent company of the infidelity website Ashley Madison, represents a growing recognition of corporate executives' responsibility for data security.
CISOs who want to keep more cyber-attacks from succeeding should focus on decreasing the half-life of vulnerabilities, which refers to the amount of time it takes half of all systems affected by a vulnerability to get patched. That's the advice from Qualys' Wolfgang Kandek.
Is a hackable car defective? The auto industry likens hack attacks to troublemaking. But legislators and regulators are taking a closer look at connected cars and the safety risks posed by software bugs.
An appellate court has upheld the Federal Trade Commission's authority to play a key regulatory role in cybersecurity as it relates to the protection of consumer data against breaches. Legal experts evaluate the long-term implications.
Breached dating site Ashley Madison is offering a $500,000 reward for information relating to the attack. The FBI, which is leading the investigation, is treating the breach as a national-security matter.