In the latest "Proof of Concept," Lisa Sotto of Hunton Andrews Kurth LLP and former CISO David Pollino of PNC Bank join ISMG editors to discuss the many new privacy laws in the U.S., current ransomware and scam trends, and handling the potential corporate risk of sharing information on social media.
A proposed federal class action lawsuit alleges that Facebook is unlawfully collecting "millions" of individuals' information from the websites and patient portals of "hundreds" of medical providers without the knowledge and consent of patients.
Canada's Desjardins Group has reached an out-of-court settlement to resolve a data breach class action lawsuit. The breach, which the credit union group first disclosed in 2019, traced to a "malicious" insider who for 26 months had been selling personal details for 4.2 million active customers.
Worries among Democratic lawmakers that the U.S. Supreme Court will overturn a key abortion ruling have led Sen. Elizabeth Warren, D-Mass., to introduce legislation that would ban data brokers from selling or transferring sensitive health and location data.
A bipartisan U.S. proposal for a national privacy law also imposes new cybersecurity regulatory mandates onto the private sector. The inclusion of a data security section in draft privacy legislation shows the Washington consensus for voluntary industry measures is wearing thin.
In the latest weekly update, Jeremy Grant, coordinator of the Better Identity Coalition, joins three editors at ISMG to discuss important cybersecurity issues, including where we are with passwordless, if we are getting closer to a U.S. federal privacy law, and next-gen authentication technologies.
An Arizona medical center that suffered a ransomware attack in April has begun notifying 700,000 individuals of a data breach compromising sensitive medical and personal information. The incident is among the latest major health data breaches involving ransomware.
Since joining Forescout 15 months ago as CEO, Wael Mohamed has aggressively pursued acquisitions, scooping up CyberMDX in February to safeguard internet of medical things devices and Cysiv in June to help OT and IoT customers analyze, detect and respond to threats using cloud-native data analytics.
Microsoft Azure Chief Security and Risk Officer Edna Conway says the industry is getting better at sharing information, but adds, "We don't have the protections that we need." She envisions a new model for information sharing that will be better suited for use in the next 10 years.
OneTrust has laid off 25% of its staff - or 950 workers - making it the third late-stage startup to significantly cut headcount in recent weeks. The Atlanta-based privacy and data governance vendor says the capital markets want to see a more balanced approach between growth and profitability.
Ransomware-as-a-service, supply chain attacks and the Russia/Ukraine war - they all are factors behind the growing need for digital executive protection outside the traditional workplace. Chris Pierson of BlackCloak shares new research and insights.
BSI Group has expanded its consulting practice beyond just cybersecurity to take on broader questions around digital trust, helping customers address everything from digital supply chain risk to the ethics of artificial intelligence, according to Mark Brown of BSI Group.
Organizations that work with or within the healthcare industry need to prioritize and manage security and privacy-related risk and compliance programs. As the global standard for safeguarding information, HITRUST delivers a scalable, prescriptive, and certifiable framework that enables organizations to demonstrate...
The U.S. is on "borrowed time" for a major cyberattack that could potentially seriously disrupt critical infrastructure, but the nation can secure its systems and resources to avoid such cybersecurity disasters, says Rep. Eric Swalwell, D-California.
Novartis says no sensitive information was compromised in an alleged attack involving the drugmaker's data showing up for sale on the dark web. The incident comes as new reports warn of a surge in cyberattacks on healthcare sector entities and the return of Emotet malware.