New draft guidance from the National Institute of Standards and Technology - if properly applied by HIPAA regulated entities - could help organizations avoid fines and similar enforcement actions by regulators in the wake of breaches, some experts say.
Getting cybersecurity right means CISOs need peer relationships with other operations executives. CISOs need board access and a handle on the company business, writes Ian Keller, director of security at a telecom company. "And then you'll wake up and realize this is not as simple as it sounds."
A proposed $350 million settlement of a consolidated class action lawsuit against T-Mobile, after a 2021 data breach that affected nearly 77 million people, includes breach victims and related legal costs. The settlement requires T-Mobile to invest $150 million to bolster data security.
A slew of HIPAA enforcement actions is a sign that regulators are impatient with the short shrift that many medical providers give to providing patients access to their health information. No fewer than 11 of the last dozen HIPAA fines focus on a right of access dispute.
The Identity Theft Resource Center's data breach report for the first half of 2022 says approximately 40% of data breach notices do not list the root cause of the compromise. "Unknown" is the top cause of data breaches for the first time since the ITRC began tracking their causes.
Thales plans to enter the customer identity and access management market through its purchase of an emerging European CIAM player. The French firm plans to capitalize on OneWelcome's strong product by extending its footprint beyond Europe and into North America and Asia-Pacific.
As the world embraces renewables and green energy, is the energy sector properly learning from past cybersecurity mistakes? Rafael Narezzi, CTO of CF Partners, discusses current industrial cybersecurity shortcomings and the need for the industry to take a more mature and proactive approach.
Cybersecurity compliance is not the same as security. Recognizing this fact can lead many organizations to prioritize one over the other, thereby increasing critical risks. But by taking a planned approach to integrating the two, you can achieve a holistic solution that delivers both.
Ransomware attacks and data breaches: One thing both have in common is the challenge of attempting to accurately understand their true scale and impact. Too often, data breach notifications lack useful details, while ransomware attacks and ransom payments go unreported.
Many healthcare sector entities are undertaking projects involving the collection, analysis and sharing of large volumes of health data. But along with those efforts come critical privacy and security concerns, says attorney Iliana Peters of Polsinelli.
While 52% of organizations in a SANS survey reported having high confidence in their visibility of north-south traffic, only 17% said the same about knowing what's happening within their networks.
Please don't pay ransoms, authorities continue to urge. Britain's lead cyber agency and privacy watchdog are now making that appeal directly to legal advisers, warning them that paying a ransom offers no data protection upsides and won't lessen any fine they might face.
A federal grand jury indicted a 38-year-old Florida man for allegedly selling more than $1 billion worth of counterfeit Cisco network equipment to customers worldwide, including hospitals, schools, government agencies and the military, as "new and genuine Cisco products," the indictment says.
The Biden administration continues to react to the Supreme Court's overturn of precedent guaranteeing a constitutional right to abortion, issuing Friday an executive order that includes provisions to help safeguard the privacy of patients' data.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing databreachtoday.com, you agree to our use of cookies.