Freedom of Information requests sent to 430 U.K. local government councils by Barracuda Networks found that at least 27 percent of councils have suffered ransomware outbreaks. Thankfully, almost none have paid ransoms, and good backup practices appear widespread.
Recent changes by the HHS to the certification program for electronic health record software could potentially weaken efforts to ensure EHRs meet federal requirements, including those that impact security, says attorney Maya Uppaluru, who formerly was on the HHS staff.
The deadly hurricane season has prompted federal regulators to issue several specific HIPAA waivers in recent weeks. But are such waivers really necessary? And what actions can healthcare providers take during a crisis even without a waiver?
Equifax is facing increased scrutiny from Congress, including a bill that would mandate free credit freezes for consumers, on demand. But a true fix would require Congress to give U.S. government consumer watchdogs more power.
An ongoing series of Healthcare Security Readiness workshops reveals some key gaps in how healthcare organizations defend against cybercrime hacking. How should entities assess and mitigate these gaps? David Houlding of Intel shares insights.
A 10-digit PIN used by consumers to freeze access to credit reports with Equifax is based on dates and times, several observers have noticed. Equifax says it plans to change how the PIN is generated, but experts say it's another troubling development for a troubled company.
The new head of the agency that enforces HIPAA says his top enforcement priority for the coming year is to find a "big, juicy, egregious" breach case to use as an example from which others can learn. What else is on Roger Severino's agenda?
Verizon has made a strong case for continual PCI DSS awareness with its new study of payment card data security. But like many vendors that conduct their own studies supporting their business cases, Verizon makes suspect logical stretches.
Password security guidance: Do block users from picking commonly used passwords. But to avoid a usability nightmare, don't block users from picking any password that's ever been seen in a data breach, security experts advise.
Crew error - not hacking - remains the most likely explanation for this week's deadly collision between a U.S. Navy guided-missile destroyer and a merchant oil and chemical tanker off the coast of Singapore, experts say.
Carbon Black rolled with the punches last week after it was accused of exposing customer data via a bug in one of its endpoint detection products. It turned out there was no bug. But the company has gone back and uncovered a bug that did expose customer data, albeit on a small scale.
Locky is back. After falling off the radar last year, the ransomware is once again being distributed via massive spam campaigns - run by the Necurs botnet - in the form of two new variants named Diablo and Lukitus.
Leading the latest edition of the ISMG Security Report: An interview with the head of a new cyber initiative to help political campaigns and local, state and federal election officials safeguard America's electoral process. Also, analyzing the evolving characteristics of the healthcare breach.