Russian email service Mail.Ru says its users' credentials contained in data leaked to Hold Security are 99.982 percent invalid, leading it to slam the security firm for stoking "media hype." But Hold Security's CISO contends the leak contains valid email addresses that could be used for phishing and spam.
A security firm claims to have obtained from a young Russian hacker a data set that includes 272 million unique credentials for Hotmail, Gmail and Yahoo email addresses, among others. But there's no reason to panic, security experts say.
The Joint Commission, which accredits healthcare organizations, has reversed its long ban on physicians and other clinicians using text messaging to place orders related to patient care, citing technology advances that enable more secure communication. But users must comply with a list of requirements.
What could be worse than a ransomware infection? How about getting infected by "torture ransomware" that uses a sadistic puppet to taunt you, slowly deleting your encrypted files while increasing the ransom demand until you pay?
A jury's decision to award $940 million in damages to electronic health records software vendor Epic Systems, which had sued India's Tata Consultancy Services alleging theft of trade secrets, serves up lessons about the importance of restricting access to all sensitive data, including intellectual property.
The continuing success of attackers stealing billions of dollars from organizations, often through simple business email compromise scams, is a sad commentary on the state of corporate security practices as well as our collective lack of cybersecurity smarts.
Health insurer Anthem, the victim of a massive hacker attack, failed in its effort to persuade a court to allow it to inspect certain customers' computers to help it fight a class-action lawsuit tied to the breach. Why did Anthem make the move? And what issues does it raise?
Now that the Department of Health and Human Services has announced that it will soon begin the next round of HIPAA compliance audits, organizations need to take specific steps to prepare in case they're chosen for scrutiny, says attorney Robert Belfort, a regulatory specialist.
Federal regulators have imposed a $1.55 million penalty on a Minnesota healthcare system as part of a settlement following an investigation of a breach involving a business associate. The vendor has already been sanctioned by two other government entities for the same stolen laptop incident.
As a result of high-profile breaches, emerging malware threats and increased regulatory scrutiny, CISOs at financial institutions are under more pressure than ever to develop innovative strategies for enhancing cybersecurity. And the CISO's evolving role will be a hot topic at RSA Conference 2016.
While hacker attacks increasingly pose threats to electronic patient data, yet another healthcare provider has reported a major breach involving the improper disposal of paper and film records. The number of individuals being notified makes this the biggest reported health data breach of its kind.
If recent cyberattacks on healthcare organizations - including the ransomware attack on Hollywood Presbyterian Medical Center - tell us anything, it's that better cyber threat intelligence sharing is desperately needed. A project led by Harris Health Systems aims to help identify the gaps that need to be addressed.
Java users are being warned to only use newly released installers to avoid a nasty potential exploit. Meanwhile, a veteran bug hunter questions whether Oracle's move to ditch Java browser plug-ins will have a significant security upside.
Cybercriminals are in mourning after the shocking announcement from Oracle that it will deep-six its beloved Java Web browser plug-in technology, owing to browser makers failing to support "standards based" plug-ins.