You see the news: how many healthcare entities are struck by ransomware. But how many of them conducted business impact analyses before they were victims? Too few, says Cathie Brown of Clearwater. She discusses the value of doing a BIA before the crisis strikes.
The prolific Avaddon ransomware-as-a-service operation has announced its closure and released 2,934 decryption keys for free. Has the increased focus by Western governments on combating ransomware been driving this and other operations to exit the fray?
A small U.S. nuclear weapons contractor has confirmed that it suffered a ransomware attack, resulting in the theft of data. Credit for the attack has been taken by the ransomware-as-a-service operation known as REvil, aka Sodinokibi, which the FBI recently tied to the attack against meatpacking giant JBS.
The recent decision by a Massachusetts-based hospital to pay a ransom in exchange for promises by the attackers to destroy stolen data spotlights the difficult choices many healthcare entities face in the wake of cyberattacks.
In its 19th enforcement action involving a HIPAA "patient right of access" dispute, the Department of Health and Human Services has smacked a small medical practice with a financial fine and a supervised corrective action plan.
Organizations are connecting to industrial control networks at an increasing pace. The need to connect to the IT environment, cloud applications and remote workers has created a definitive gap by eroding the demilitarized zone. Because of this, organizations must deploy new ways to secure operational technology...
Former customers of the now-defunct encrypted communications service EncroChat, which was infiltrated by police last year, continue to get busted, including members of a crime syndicate that operated "an industrial-scale cocaine laboratory" in the Netherlands, Europol says.
A federal $25,000 HIPAA settlement with a clinical laboratory is significant because it calls for a wide-ranging corrective action plan. And the enforcement action is unusual because it's the result of a compliance review of a covered entity not directly tied to the data breach that triggered the investigation.
A data security incident involving a Canada-based insurer that provides comprehensive health coverage to students studying abroad shines a light on complex international regulatory issues companies can face in the wake of a data breach.
As HHS weighs potential modifications to the HIPAA Privacy Rule, regulators must consider aligning those changes with other health data regulations that deal with privacy, patient access to records and secure exchange of electronic health information, some industry groups commenting on the proposal say.
Two companies that serve the healthcare sector have reported disruptive cyber incidents affecting their clients, the latest in a string of similar supply chain incidents.
The National Institute of Standards and Technology is seeking public comment as it plans to update its 2008 guidance for implementing the HIPAA Security Rule. But is it time to update the security rule itself?
Cisco recently released the 2021 Security Outcomes Study - Small and Midsize Business (SMB) Edition, which revealed a number of somewhat surprising findings about SMBs and how they compare to their larger counterparts.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing govinfosecurity.com, you agree to our use of cookies.
