Shopify's announcement this week that two employees inappropriately accessed transactional data from 200 of the merchants that use its e-commerce platform demonstrates the importance of taking a "zero trust" approach to security and improving identity and access management capabilities, security experts say.
As the tally of reported heath data breaches related to the May ransomware attack on Blackbaud continues to climb, so do the number of lawsuits filed against the cloud-based fundraising software vendor.
Federal regulators have announced a $1.5 million HIPAA settlement with a Georgia orthopedic clinic stemming from a 2016 breach involving The Dark Overlord hacking group. The case serves as a warning of the potentially hefty cost of failure to implement a comprehensive HIPAA compliance program.
A U.K. resident who was a member of The Dark Overlord hacking group pleaded guilty to federal charges Monday and was sentenced to five years in prison, according to the U.S. Justice Department. The group targeted several healthcare organizations and others.
U.S. government agencies are supposed to have patched the "Zerologon" vulnerability by now, about six weeks after Microsoft issued a patch. But CISA warns that too many agencies' systems remain unpatched.
Several Senate Democrats are demanding answers from the Department of Veterans Affairs about cybersecurity practices after a breach that the VA says exposed data on 46,000 veterans, but which the senators claim also apparently affected 17,000 healthcare providers. The VA disputes that provider figure.
The latest edition of the ISMG Security Report analyzes whether a leaked database compiled by a Chinese company should be a cause for serious concern. Also featured are discussions on vulnerability disclosure challenges and risks posed by using social media apps for payments.
Cloud services are frequently associated with digital transformation and innovation; however, these services also expand cyber-attack surfaces for threat actors to exploit.
Read this whitepaper to learn about:
The economic impact of a data leak;
The surge in ElasticSearch "ransom" demands;
Managing Open Source...
A ransomware attack that reportedly was directed at a German university but shut down emergency services at an affiliated hospital likely contributed to the death of a patient who needed urgent treatment but instead had to be transported to another hospital, delaying care, according to a news report.
Dunkin' Brands' settlement with the New York state attorney general of a lawsuit tied to a 5-year-old data breach affecting its Perks rewards cardholders could open the door to suits by other states - as well as customers.
A security incident in which hackers used social engineering techniques to divert Department of Veterans Affairs payments intended for healthcare providers compromised the personal information of 46,000 U.S. veterans.
What's one of the worst things that can happen during a pandemic? The answer is anything that gives people less reason to trust in their public health system to handle the crisis. Enter a data breach that has exposed personal information for everyone who's ever tested positive for the disease in Wales.
A leaked database compiled by a Chinese company has suddenly become the focus of news media reports warning that it could be used as an espionage instrument by Beijing. But on closer examination, the alleged "social media warfare database" looks like public information largely scraped from social media sites.
The number of individuals affected by the May ransomware attack on cloud-based software vendor Blackbaud continues to soar. And breach reports tied to the incident now total over 170, according to one estimate.