Australia's information commissioner has urged organifzations to quicken the process of notifying those affected by data breaches instead of spending months analyzing each incident. Angelene Falk said it can take anywhere from 20 days to five months to notify breach victims, putting them at risk.
The Federal Trade Commission and the Department of Health and Human Services have publicly named 130 hospitals and telehealth companies that were recently warned that the use of online tracking tools in their websites or mobile apps potentially violates federal data privacy and security regulations.
A startup founded by the longtime leader of Secdo and backed by the likes of Qumra Capital and Accel could soon be acquired by Tenable. The company is in advanced negotiations to purchase cloud infrastructure security startup Ermetic in a deal valued at between $300 million and $350 million.
New regulations, including those coming into effect in the U.S., are pushing many medical device makers to radically reconsider how they approach cybersecurity for their products - including air gapping connections, said Phil Englert of the Health Information Sharing and Analysis Center.
It is increasingly important for healthcare entities to carefully examine their cyber and other insurance policies to see what risks are covered in the event of a cyber incident, especially as the threat landscape continues to evolve, said attorney Peter Halprin, a partner at law firm Pasich LLP.
Multiple hackers are minting newer capabilities from an open-source information stealer to spawn new variants. The malware steals sensitive information such as corporate credentials, which are resold to other threat actors for attacks, including operations related to espionage or ransomware.
IoT and OT devices, which include network-attached storage devices, hold valuable data that ransomware groups seek to compromise. NAS devices are often exposed on the internet and lack the robust security measures found in other endpoints, said Daniel dos Santos of Forescout Technologies.
Security experts are warning organizations with Juniper Networks SRX firewalls and EX switches to update them immediately to patch multiple vulnerabilities attackers have been targeting to remotely execute code, and which may allow them to pivot to internal networks.
It's critical for healthcare sector entities considering - or already using - generative AI applications to create an extensive threat modeling infrastructure and understand all attack vectors, said Mervyn Chapman, principal consultant at consulting and managed services firm Ahead.
In the latest "Proof of Concept," two CyberEd board members, Connecticut state CISO Jeff Brown and Maricopa County CISO Lester Godsey, join ISMG editors to discuss securing digital government services, improving user experiences and balancing user convenience with robust identity verification.
This week, Japan's cybersecurity agency reportedly was breached, social media companies were urged to ward off data scraping, the NSA said it respects foreign intelligence targets, Polish authorities arrested two for hacking a rail network, and a ransomware gang used GDPR fines as scare tactics.
Medical device maker Medtronic MiniMed violated patient privacy by using tracking and authentication technologies such as Google Analytics and Firebase in its InPen diabetes management app and services, according to a proposed federal class action lawsuit filed this week.
The Zero Trust mindset operates under the assumption that all users and resources are untrusted, and always need to be verified.
The underlying principle is to control who has access to which systems and data and have well-defined policies to define when to allow or restrict access, and how to enforce it.
The sudden change that came with WFH mandates and the need to keep workers productive at all costs gave rise to rapid access to technology. This access often bypassed regular checks and balances around access requests.
This E-book, outlines the security implications of this new work environment.
SailPoint has agreed to buy U.K.-based privileged access management vendor Osirium for $8.3 million to better protect privileged and non-privileged identities on a single platform. The deal will allow Osirium to benefit from SailPoint's increased scale and enhanced sector and regional capabilities.