Healthcare providers and their vendors often fear federal regulatory action, but do fines and corrective action many any difference at all? As breach cases have nearly doubled since 2018, federal fines dropped 93% in 2022, and some say the agency is understaffed and crippled by legal challenges.
What does the latest version of India's data protection bill mean for CISOs, and what impact does it have on security practitioners? Khushbu Jain, advocate, of the Supreme Court of India, shares some of the fine print in the draft legislation and discusses some changes that CISOs may need to make.
India's current Data Protection draft bill is a sea change from its earlier version. What works in the new bill and what does not work? Three experts share their views on the expected practical implementation of some of the requirements of the bill.
Cybersecurity experts warn that large healthcare and public sector organizations are continuing to get hit by "big-game hunting" attackers wielding Lorenz ransomware. Among the group's known victims are Wolfe Eye Clinic in Iowa and Salud Family Health of Colorado.
Over 5,000 major health data breaches since 2009 have affected the personal information of 370 million people. Ransomware gangs and hackers are targeting healthcare providers, insurance firms and partners at an alarming rate. Experts explain why it's such a dangerous game.
An Australian nonprofit children's charity warned about 80,000 donors of the compromise of their credit card and personal information resulting from a recent hacking incident. The Smith Family says the hacker failed to steal any charity funds but did manage to access donor data.
Trade-related services resumed Monday at Central Depository Services Ltd. in India, days after trading was suspended during a cyberattack Friday. All pending trades have now been settled, though brokers report some continued IT issues. The service says it appears that no data has been compromised.
Data breaches are tricky to cover, and we want to report on them in an ethical way. That requires picking what should be reported for informed public discourse but avoiding topics that may encourage attackers' efforts to shame victims into paying a ransom and anything resembling data dump voyeurism.
Cyberattackers love to strike on weekends and holidays - that's not news. What is news: These attacks cost more than weekday incidents, and they take a heavy toll on defenders. Cybereason's Sam Curry shares insight from the new study "Organizations at Risk: Ransomware Attackers Don’t Take Holidays."
A New York-based firm that provides anesthesiology administrative services to 100 surgery centers and medical offices across the U.S. is facing at least five proposed federal class action lawsuits following a July hacking incident that affected some of its clients and over 450,000 of their patients.
The Australian government says hackers from Russia are behind the attack on Medibank, the country's largest private health insurer. Prime Minister Anthony Albanese said not just hackers but "the nation where these attacks are coming from should also be held accountable."
API attacks are up, and lateral movement has become the new battleground. But VMware's latest Global Incident Response Threat Report shows that responders are starting to step up and fight back against attackers. Chad Skipper tells how and shares key findings from this new report.
In the latest weekly update, ISMG editors discuss the implications of the former Uber CSO's guilty verdict for the rest of the industry, the growing problem of keyless car theft, and the latest progress toward a passwordless future revealed at the annual FIDO Alliance conference.
The latest edition of the ISMG Security Report discusses how Russian-speaking ransomware gangs have their eyes on a new target, offers the latest on Australia's data security reckoning and the government’s response, and outlines emerging trends in customer identity and access management.
In the wake of former Uber CSO Joe Sullivan being found guilty of a criminal data breach cover-up, legal experts say CISOs shouldn't be running scare, but should ensure they have well-defined incident response playbooks and remember to always clearly document what they're doing and why.