A formal security program that spells out precise governance components is critical to protecting sensitive data, says Vito Sardanopoli, who served on the U.S. Department of Health and Human Services Healthcare Industry Cybersecurity Task Force.
Because phishing attacks are so pervasive, aggressive staff educational efforts are essential, says Richard Conti of The Children's Hospital of Philadelphia, who also discusses other risk mitigation steps.
The Marriott hotel chain has announced its Starwood guest reservation database has been hacked, potentially exposing up to 500 million accounts. The unauthorized access to the database started in 2014, the company says.
Dell and Dunkin Donuts have both initiated password resets after experiencing separate security incidents aimed at gaining access to customer accounts. The impacts of the attacks, however, appear to be limited.
DDoS attacks against healthcare organizations have increased not only in size and scale, but especially in complexity, says Tom Bienkowski of Netscout Arbor. How can enterprises build upon their traditional DDoS defenses?
Organizations in all sectors struggle with mitigating the insider threat, but it's an acute concern in healthcare, where patients' lives are at stake. Pete Nourse of Veriato outlines specific threats to this sector.
With the Cosmos bank attack still fresh in memory, some security experts are urging the Reserve Bank of India to take immediate steps to upgrade the security capabilities of banks. For example, they want banks to do away with user-based one-time passwords delivered via text messages.
The latest version of the NIST Cybersecurity Framework - Version 1.1 - includes more information on supply chain risk management, authentication, authorization, identity proofing and self-assessing cybersecurity risk management, says Matthew Barrett of the National Institute of Standards and Technology.
A federal grand jury has indicted two Iranians for allegedly waging SamSam ransomware attacks on more than 200 entities, including Atlanta and other municipalities and six healthcare organizations. They collected $6 million in ransoms and caused more than $30 million in losses to victims, U.S. prosecutors allege.
Consumer organizations in seven countries plan to file complaints alleging that Google is violating the EU's General Data Protection Regulation via its location, web and app activity tracking, in what could be a blow to the search giant's lucrative but data-hungry targeted advertising business.
The U.S. Department of Justice says eight individuals have been indicted - and three of them arrested abroad - as part of a multiyear FBI investigation into gangs that allegedly perpetrated digital advertising fraud via the Methbot and 3ve schemes.
Uber has been slammed with $1.2 million in fines by U.K. and Dutch privacy regulators for its cover-up of a 2016 data breach for more than a year. The breach exposed millions of drivers' and users' personal details to attackers, whom Uber paid $100,000 in hush money and for a promise to delete the stolen data.
Australia's Parliament has passed legislation that strengthens privacy protections for My Health Record, the country's embattled digital medical records program. But questions remain about whether the changes go far enough to restore confidence in electronic health records.
A court has preliminarily approved Lenovo's proposal to pay $7.3 million to settle a consolidated class action lawsuit filed over its preinstallation of Superfish adware onto laptops purchased by 800,000 consumers. Superfish, which has dissolved, already reached a $1 million settlement agreement.
A British lawmaker has obtained sealed U.S. court documents to reveal internal Facebook discussions about data security and privacy controls, as Parliament probes Facebook and other social media firms as well as Russian interference and fake news.