The Cybersecurity and Infrastructure Security Agency released an advisory Wednesday warning that a Russian military intelligence unit has been actively exploiting a widely used software product since September as part of an effort to gain long-term access to compromised systems.
Three members of Congress are urging the Department of Health and Human Services to improve HIPAA privacy protections around pharmacy information. The request comes after the lawmakers asked major pharmacy companies how they handle law enforcement requests for patient records.
Seeking to maximize profits no matter the cost, ransomware groups have been bolstering their technical prowess and psychological shakedowns with a fresh strategy: attempting to control the narrative. Experts are warning security researchers and journalists to beware being co-opted.
North Korean hacking group Lazarus Group is exploiting Log4Shell to target manufacturing, agriculture and physical security sectors, resulting in the deployment of a tailored implant on compromised systems. The attack campaign targeted publicly accessible VMware Horizon servers.
A Kentucky-based hospital chain is notifying millions of individuals that their information was potentially exfiltrated in a May attack. Russian-speaking ransomware-as-a-service group Alphv/BlackCat - which is currently reportedly undergoing its own disruptions - took credit for the data theft.
Bugcrowd CEO Dave Gerry and Emily Ferdinando, vice president, marketing, highlighted the significance of tapping into the creativity of the ethical hacker community, combined with the expertise of internal security teams, to enable organizations to stay one step ahead of cyberthreats.
In the latest "Proof of Concept," Chris Hughes, co-founder and CISO of Aquia, join editors at ISMG to discuss the nuances around software liability, how organizations are integrating standards development practices, and guidelines for determining when a supplier qualifies for safe harbor.
Open-source software is pervasive in healthcare. It is used in critical systems such as electronic health records and components contained in medical devices. Federal regulators are urging healthcare sector firms to be vigilant in managing risks and threats involving open-source software.
Weeks after the Department of Health and Human Services announced its first HIPAA enforcement action in a ransomware breach, federal regulators have reached another milestone: a $480,000 settlement in a HIPAA case centered for the first time ever on a phishing attack.
The Joint Commission is kicking off a new voluntary certification program for hospitals' "responsible use" of health data. The effort aims to help address growing privacy concerns over the secondary use of patient data by third parties for artificial intelligence initiatives and other activities.
Whether because they're malicious, oblivious to company rules or outsmarted by hackers, insiders pose a mounting degree of risk to companies. Hunting for outside hackers offers lessons in preventing insider incidents, said Thomas Etheridge, CrowdStrike chief global professional services officer.
The U.S. Cybersecurity and Infrastructure Security Agency is urging software developers to implement memory safe coding as part of an effort to address critical vulnerabilities in programming languages and further shift security responsibilities away from end users.
The U.S. Department of Health and Human Services on Wednesday released a sweeping strategy document proposing how the Biden administration intends to push the healthcare sector - through new requirements, incentives and enforcement - into improving the state of its cybersecurity.
A New York medical imaging services provider is notifying nearly 606,000 individuals that their information was potentially accessed and copied in a recent hacking incident. The entity is one of several medical imaging centers that have reported major hacking breaches in recent weeks and months.
The recently released National Security Policy emphasizes building cybersecurity resilience in the Philippines. To do this, businesses must focus on protecting identity, push for cybersecurity education and protect critical infrastructure from external cyberattacks, said CISO Charmaine Valmonte.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.asia, you agree to our use of cookies.