An internal investigation into the February theft of $81 million from the central bank of Bangladesh reportedly found that a handful of negligent and careless bank officials inadvertently helped facilitate the heist by outside hackers.
President Obama is expected on Dec. 13 to sign the 21st Century Cures Act, which the Senate passed on Dec. 7. Among its long list of provisions, the bill lays out a number of privacy and security-related projects for HHS, including imposing fines on those that intentionally block health data information sharing.
Coming soon to an internet service provider near you: routers infected by IoT device botnet-building malware such as Mirai. The latest victim is ISP TalkTalk, which is updating routers to block DDoS attackers who have been seizing control of the devices.
In a rare settlement of a data breach class action lawsuit, Tampa General Hospital has agreed to pay plaintiffs who alleged they're at risk for identity theft as a result of insider incidents. But was the settlement amount appropriate?
Visa and MasterCard have pushed back their EMV fraud liability shift date for U.S. pay-at-the-pump gas terminals from October 2017 to October 2020. They made the right decision, given the relatively low rates of card fraud at gas pumps.
Today's ISMG Security Report leads off with House Homeland Security Committee Chairman Michael McCaul and DHS Secretary Jeh Johnson lamenting about the congressional bureaucracy that hinders passage of needed cybersecurity legislation.
Many members of Britain's Parliament regularly use technology - and tech firms - as a scapegoat for intractable social issues or failed government policies. Does the country's new mass surveillance law now enshrine technology scapegoating into law?
The Internet Archive, a pioneering 20-petabyte digital repository, is raising funds to replicate its data in Canada. The group's founder fears that the election of Donald Trump as the next U.S. president portends an uncertain privacy rights future.
Federal regulators have issued a warning to healthcare sector organizations about a phishing email campaign that pretends to be compliance audit communications from the nation's top HIPAA enforcer. But who's really sending out these emails?
Score one for preparation: In the wake of a ransomware attack that infected 900 workstations, the San Francisco Municipal Transportation Agency says it's restoring affected systems, vowing to not give the attackers a single bitcoin of their ransom demand.
The House is slated to vote Nov. 30 on a heavily reworked version of the 21st Century Cures bill that no longer includes a controversial provision calling for significant changes to the HIPAA Privacy Rule.
Healthcare entities must perform security due diligence when they consider introducing emerging technologies - including "internet of things" devices - into their environments, says attorney Stephen Wu, author of a new book on HIPAA compliance.