Last month, the FFIEC issued an FAQ about its Cybersecurity Assessment Tool, reiterating that use of the tool is voluntary. But some critics say regulators are still questioning institutions about their use of the tool during IT examinations, meaning its use is not truly voluntary.
Most - but not all - ransomware attacks against healthcare organizations are reportable breaches requiring notification to affected individuals and federal regulators, Deven McGraw, deputy director of health information privacy at the HHS Office for Civil Rights, explains in this video interview.
An analysis of how the Donald Trump administration will address health IT security and privacy leads the latest edition of the ISMG Security Report. Also, the ramifications of a big breach, and an FBI agent tackles ransomware.
A week after hackers apparently breached the websites of seven Indian embassies, one of the attackers claims to have breached an Indian consulate in the U.S. and posted data online to draw attention to vulnerabilities.
The success of Operation SAMBRE, a global cybercrime investigation into the theft of billions of dollars from banks throughout the world, proves why information sharing between law enforcement and the private sector is key to battling cybercrime.
Yahoo in 2014 spotted that an attacker - later revealed to have compromised 500 million accounts - was inside its network, according to a new SEC filing. With Yahoo's $4.8 billion sale to Verizon still pending, the admission adds to the search giant's complications.
The breach of Democratic Party computers led to the release of a trove of emails embarrassing to Hillary Clinton that might have swayed the election. Should the IT security community fess up? Also, top government cybersecurity policymakers assess President-elect Donald Trump as an IT security influencer.
President-elect Donald Trump will review the nation's cyber vulnerabilities at the start of his presidency, just like Barack Obama did. But Trump hasn't demonstrated the deep understanding of cyber that Obama did when he took office nearly eight years ago.
Federal regulators are urging healthcare sector organizations to reassess whether their authentication methods need strengthening to help prevent breaches. But does their advice go far enough in advocating multifactor authentication?
An explanation of how the FBI likely was able to quickly review 650,000 emails found on a computer shared by a top aide to Democratic Party presidential nominee Hillary Clinton leads the latest ISMG Security Report. Also, this week's ISMG Fraud and Breach Prevention Summit in London is previewed.
Did security vendor Cylance lean too heavily on decade-old research into weaknesses in a still-used electronic voting machine in order to get pre-election day headlines? A company spokesperson says no.
U.K. Chancellor Philip Hammond used the launch of Britain's new five-year National Cyber Security Strategy to trumpet the country's strike-back capabilities. But other parts of the strategy - including more automated defenses - hold much greater promise.
In recent weeks, many more hacker attacks - including some ransomware assaults - on healthcare entities large and small have been added to the federal tally of major breaches, continuing a trend that started in 2015.