Although the CareFirst BlueCross BlueShield breach is the third major hacker attack against a health insurer revealed in recent months, experts warn that other organizations, including health information exchanges, could be targeted next.
"Millions" of devices from numerous router manufacturers appear to use a third-party software component called NetUSB, which can be exploited to bypass authentication checks and remotely take control of the devices, security researchers warn.
Numerous websites, mail servers and other services - including virtual private networks as well as "all modern browsers" - have a 20-year-old flaw that could be exploited by an attacker, computer scientists warn.
Although the 2015 Healthcare Information Security Today survey shows improving regulatory compliance is priority No. 1, CISO Cris Ewell of Seattle Children's Hospital suggests building a strong information security program should be a higher priority.
Security vulnerabilities in certain infusion pumps manufactured by Hospira could allow an unauthorized user to alter the dose the devices deliver, the FDA warns. Just a few months ago, the FDA issued a medical device security guide.
Caffeine junkies are up in arms over reports that criminals have been targeting their Starbucks account balances. But the real story is poor password-picking practices by consumers, and Starbucks' lack of multi-factor authentication.
Much of today's crime is "cyber-enabled," warns cybercrime expert Raj Samani, and successfully blocking such attacks increasingly demands not just better technology and public-private collaboration, but also an understanding of psychology.
Mumbai-based Meru Cabs, which offers online and mobile-app cab bookings, has been inadvertently exposing customer data to the Internet. How did the exposure occur, and what is Meru doing to address the flaw?
Lenovo issues an emergency patch to fix flaws in the System Update software that it preinstalls on business-focused Windows PCs after security researchers discover vulnerabilities that could be used to remotely compromise machines.
Security expert Mike Canavan of Kaspersky Lab North America pinpoints several critical security steps that organizations can take to help reduce the likelihood they'll become a victim of a hacking attack.
After nearly 2Â½ months on the job, federal Chief Information Officer Tony Scott was reluctant to offer Congress a detailed assessment of the quality of agencies' information security until reviewing results of pending "CyberStat" reviews.