Acknowledging the urgent IT security challenges the nation faces, a cybersecurity commission named by President Barack Obama encourages the incoming administration to adopt some of its recommendations in the first 100 days of Donald Trump's presidency.
In the 13th HIPAA enforcement action this year, federal regulators have slapped the University of Massachusetts Amherst with a $650,000 financial settlement and corrective action plan after investigating a relatively small 2013 breach involving a malware infection at a campus speech and language center.
After complaints from merchants and an update from the Fed, Visa has modified debit routing rules, noting that merchants can route U.S. EMV debit transactions through any of more than a dozen available networks, and not just Visa's. The move could have implications for chip-and-PIN use.
Vulnerable firmware has been highlighted again in a range of low-cost Android phones, raising concerns over their security. This latest incident comes 11 months after security analysts first raised flags.
Last month, the FFIEC issued an FAQ about its Cybersecurity Assessment Tool, reiterating that use of the tool is voluntary. But some critics say regulators are still questioning institutions about their use of the tool during IT examinations, meaning its use is not truly voluntary.
Federal regulators are urging healthcare sector organizations to reassess whether their authentication methods need strengthening to help prevent breaches. But does their advice go far enough in advocating multifactor authentication?
U.K. Chancellor Philip Hammond used the launch of Britain's new five-year National Cyber Security Strategy to trumpet the country's strike-back capabilities. But other parts of the strategy - including more automated defenses - hold much greater promise.
In recent weeks, many more hacker attacks - including some ransomware assaults - on healthcare entities large and small have been added to the federal tally of major breaches, continuing a trend that started in 2015.
Changes in NIST's upcoming revision of its security and privacy controls guidance acknowledge the view that security and privacy are concerns for all sectors, not just the federal government.
In the twelfth HIPAA enforcement action so far this year, federal regulators have smacked St. Joseph Health System with a $2 million penalty after investigating a breach that exposed patient information to internet searches for more than a year. And more enforcement actions tied to other breaches are on the way.
A federal watchdog agency's reviews of Minnesota's state-operated Obamacare health insurance exchange and Colorado's Medicaid eligibility and claims processing systems reveal a variety of security weaknesses that are also common among healthcare providers.
Understanding the difference between cybersecurity crisis management and security incident response could be critical to your organization's survival. In this blog, a CISO offers insights on creating an effective crisis management plan.
Verizon is reportedly awaiting the full results of a digital forensic investigation into the record-setting Yahoo data breach to ascertain whether it will revise its $4.8 billion bid to buy the search firm. Did the breach have a "material impact" on Yahoo's business? That's the question.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing govinfosecurity.com, you agree to our use of cookies.