FBI Director Christopher Wray says the agency was unable to access nearly 7,800 devices in fiscal 2017 because of encryption, which he alleges will pose ever-increasing complications for law enforcement. The FBI doesn't want a backdoor, he says, but rather a "responsible" solution to allow lawful access.
While a draft "trusted exchange framework" unveiled last week by federal regulators includes proposed components that could raise the bar for the security of health data exchange, some experts caution that elements included in the final document should not be overly prescriptive.
Patch or perish to protect against Meltdown and Spectre attacks, and prepare to keep patching as Intel, AMD and ARM, as well as makers of devices running Apple, Google and Windows operating systems, including Apple iOS and Android smartphones and tablets, continue to refine their fixes.
Microsoft has paused issuing security updates to some Windows PCs with AMD chipsets after at least one update - meant to add some Meltdown and Spectre mitigations - has left some systems unbootable. Microsoft blamed the problem on AMD failing to properly document its firmware.
One of the most alarming breaches of 2015, involving Hong Kong toymaker VTech, has resulted in a $650,000 settlement with the U.S. Federal Trade Commission. It's a warning that internet of things security shortcomings - especially involving children's personal data - will have business consequences.
Federal regulators have clarified that the use of texting to place orders, such as for medications or tests, on any platform - secure or not - is not allowed when treating Medicare and Medicaid patients. Security experts weigh in on key issues to consider when using texting for other purposes.
Personal details for 30,000 Medicaid recipients in Florida may have been exposed after a government employee fell victim to a phishing attack, state officials warn. The information could potentially be used to file false Medicaid claims.
Federal regulators have released a draft of a trusted health information exchange framework with some detailed security components that go beyond HIPAA requirements. The goal is to advance secure national health data exchange so that clinicians have quicker access to potentially life-saving information.
The U.S. Department of Homeland Security says nearly 250,000 federal employees' personal details were exposed in a 2014 breach of its Office of Inspector General's case management system. Witness testimony and an unknown number of nonemployees' personal details also were exposed.
Microprocessor makers Intel, ARM and AMD, as well as operating system and software developers and makers of smartphones and other devices, are rushing to prep, test and ship fixes for the serious CPU flaws exploitable via Meltdown and Spectre attacks.
"Replace CPU hardware" might be the only full solution listed by CERT/CC for serious flaws in microprocessors that run millions of PCs, cloud services, servers, smartphones and other devices. Thankfully, many security experts believe patches and workarounds will mostly suffice.
Despite receiving requests to better align a federal rule regarding the confidentiality of substance abuse records with the requirements of HIPAA, federal regulators made only minor tweaks to the confidentiality rule. Some experts say Congress would have to take action to pave the way for further changes.
Apparel retailer Forever 21 says point-of-sale systems in some stores were infected by malware for up to seven months, leading to the theft of customers' payment card data. The retailer says deactivated encryption technology on some POS devices exacerbated the severity of its breach.
Information security truisms: 2017 was the year of more cybersecurity - more attacks, more spending, more defenses, more breaches - and 2018 will see more of everything "cyber," plus GDPR enforcement, proxy wars online and more.
The U.S. Securities and Exchange Commission is planning to update its 6-year-old cybersecurity guidance for how publicly traded firms report data breaches to investors. Experts expect the refined guidance to cover insider trading program rules, breach notifications and business models.