Common data security mistakes made by many organizations including having a static security plan that doesn't evolve, focusing solely on compliance and not testing incident response plans, says Monique Kunkel of NTT Data Services.
In a groundbreaking effort, the attorneys general of a dozen states have jointly filed a federal lawsuit against a cloud-based electronic health records vendor that reported a 2015 data breach affecting 3.9 million individuals.
Federal regulators have slapped a company that provides contracted physicians to hospitals and nursing homes with a $500,000 HIPAA settlement in a breach case involving the lack of a business associate agreement with an individual providing billing services.
A severe vulnerability in Kubernetes, the popular open-source software for managing Linux applications deployed within containers, could allow an attacker to remotely steal data or crash production applications. Microsoft and Red Hat have issued guidance and patches; they recommend immediate updating.
One of the most significant cybersecurity challenges facing the healthcare sector is coming up with strategies that work for organizations of broadly varying sizes, says Mark Jarrett, M.D., of Northwell Health.
A failure to patch systems and slipups that lead to insider threats are two major causes of breaches in the healthcare sector that need to be urgently addressed, says Anahi Santiago of Christiana Care Health System.
A security review of two Medicaid managed care organizations in Arizona revealed several significant access control and configuration vulnerabilities, raising concerns about whether other MCOs face similar challenges.
Marriott's mega-breach underscores the challenges companies face in securing systems that come from acquisitions as well as simply storing too much consumer data for too long, computer security experts say. Meanwhile, the hotel giant has yet to answer many pressing data breach questions.
A formal security program that spells out precise governance components is critical to protecting sensitive data, says Vito Sardanopoli, who served on the U.S. Department of Health and Human Services Healthcare Industry Cybersecurity Task Force.
Because phishing attacks are so pervasive, aggressive staff educational efforts are essential, says Richard Conti of The Children's Hospital of Philadelphia, who also discusses other risk mitigation steps.
The Marriott hotel chain has announced its Starwood guest reservation database has been hacked, potentially exposing up to 500 million accounts. The unauthorized access to the database started in 2014, the company says.
Dell and Dunkin Donuts have both initiated password resets after experiencing separate security incidents aimed at gaining access to customer accounts. The impacts of the attacks, however, appear to be limited.