The latest revelation of a cyber-attack against a health insurer - this time Excellus BlueCross BlueShield - illustrates why it's so important for healthcare organizations to frequently scrutinize systems for intrusions. Experts offer analysis.
If there's one thing federal regulators want to drill into the heads of covered entities and business associates about data breach prevention, it's this: Stop procrastinating, and conduct a risk analysis and encrypt most of your computing devices right away.
FDA official Suzanne Schwartz, M.D., expects more medical device security vulnerabilities to come to light in the year ahead. The FDA soon will issue new guidance addressing the cybersecurity of medical devices already in use.
More hackers are exploiting remote-access and network vulnerabilities, rather than installing malware to invade networks and exfiltrate data, says Dell SecureWorks' researcher Phil Burdette. That's why conventional breach-detection tools aren't catching the intrusions.
Underground cybercrime forums continue to evolve, offering services ranging from cybercrime toolkits and money laundering to bulletproof hosting and a service that reviews exfiltrated data for corporate secrets, says cybersecurity analyst Tom Kellermann of Trend Micro.
CISOs who want to keep more cyber-attacks from succeeding should focus on decreasing the half-life of vulnerabilities, which refers to the amount of time it takes half of all systems affected by a vulnerability to get patched. That's the advice from Qualys' Wolfgang Kandek.
Is a hackable car defective? The auto industry likens hack attacks to troublemaking. But legislators and regulators are taking a closer look at connected cars and the safety risks posed by software bugs.
An appellate court has upheld the Federal Trade Commission's authority to play a key regulatory role in cybersecurity as it relates to the protection of consumer data against breaches. Legal experts evaluate the long-term implications.
To help mitigate the risk that blackmail and extortion campaigns might target employees, employers' security teams must regularly review post-breach data dumps as well ramp up enforcement of their corporate security policies, says Stephen Coty of Alert Logic.
Rand Corp.'s Martin Libicki sees circumstances in which a weaker economy could curtail Chinese cyber spying on U.S. companies. Then again, he says, the Chinese government could see spending money on hacking as an economic stimulus.
The Ashley Madison mega-breach differs from previous breaches not just because of its scale, but also the fallout facing victims of the breached infidelity-focused dating site. Here are the top information security takeaways.
Carilion Clinic, a Roanoke, Va.-based network of hospitals and outpatient facilities, has fired or disciplined 14 employees over a problem common at many healthcare organizations: patient record snooping. Experts discuss how to tackle the challenge.
The outrage directed at Oracle Corp.'s security chief after a recent blog post in which she scolded third parties who scan the company's software looking for security flaws had a familiar ring: Do medical device makers have a similar cybersecurity attitude?