A messy legal case involving a 2017 privacy breach that has already cost Aetna about $20 million in settlements has taken yet another twist. The health insurer has filed a lawsuit against two organizations that represented plaintiffs in an earlier privacy-related dispute, attempting to recoup some costs.
A mental healthcare practice's decision to pay a ransom to have sensitive patient data unlocked illustrates the difficult choices that organizations can face when attempting to recover from a ransomware attack.
What happens if organizations that must comply with GDPR have yet to achieve compliance, despite having had two years to do so before enforcement began? Don't panic, says cybersecurity expert Brian Honan, but do be pursuing a data privacy transparency and accountability action plan.
The EU's General Data Protection Regulation has gone into full effect as of May 25, 2018. After a two-year grace period following the passage of the legislation, member states' data privacy watchdogs are now enforcing the strong privacy rules, which offer worldwide protection for Europeans.
Leading the latest edition of the ISMG Security Report: Reports on the impact enforcement of the EU's General Data Protection Regulation, which began Friday, will have on the healthcare and banking sectors. Plus an assessment of GDPR compliance issues in Australia, which offer lessons to others worldwide.
To judge by the flood of GDPR-themed email hitting inboxes, Europe's privacy law has been designed to ensure that you say "yes" to companies that monetize the buying and selling of your personal details, regardless of whether you remember ever having done business with them before.
We surveyed more than 2,000 working adults - 1,000 in the US and 1,000 in the UK - about cybersecurity topics and best practices that are fundamental to data and network security. What we found out about the personal habits of these individuals was sometimes heartening, occasionally perplexing, and frequently...
Anti-phishing training should be the foundation of any security awareness training program - but it's critical to think beyond email (in more ways than one) in order to effectively strengthen end-user defenses.
Simulated phishing attacks - that is, email tests designed to mimic real-world social engineering attacks...
The American Civil Liberties Union has launched a broadside against Amazon, warning that Amazon Rekognition - mixing big data, machine learning and facial recognition - could be abused by authoritarian regimes. Amazon has countered by saying that all users must "comply with the law."
European Parliamentarians finally had their opportunity on Tuesday to ask Facebook CEO Mark Zuckerberg questions about its data handling and privacy practices. But the session, which lasted roughly 90 minutes, turned into a somewhat frustrating flop.
Will federal regulators finally tackle long overdue rulemaking related to a HITECH Act provision calling for the Department of Health and Human Services to share money collected from HIPAA settlements and penalties with breach victims?
With enforcement of the EU's GDPR set to begin on May 25, Australian organizations vary in readiness. Steve Ingram of PwC says it's not too late for companies to prepare for GDPR, but it will be too late to ask regulators for forgiveness if something goes wrong.
Early experiments are demonstrating how blockchain, the distributed and immutable ledger behind virtual currencies, potentially could play an important role in identity management, says Avivah Litan, a Gartner Research analyst.
Distributed deception technology does not provide a viable solution for defending ATM machines against attacks executed physically on the machines themselves. But it is arguably the most effective means of stopping the most damaging attacks - the ones executed against the larger ATM network or those enabled by...