The latest edition of the ISMG Security Report features an analysis of the EU General Data Protection Regulation fines that have finally been imposed on Marriott and BA over serious data breaches each suffered. Also featured: Regional digital fraud trends, and a look at the CISO role and its responsibilities.
California voters passed Proposition 24, the California Privacy Rights Act, on Nov. 3, which expands upon the recently activated California Consumer Privacy Act specifically when it comes to enforcement and how businesses handle personal data.
Large, recently levied privacy fines against the likes of British Airways, H&M and Marriott show regulators continuing to bring the EU's General Data Protection Regulation to bear after businesses get breached. But in the case of Marriott and BA, were the final fines steep enough?
Hotel giant Marriott has been hit with the second largest privacy fine in British history, after it failed to contain a massive, long-running data breach. But the final fine of $23.8 million was just 20% of the penalty initially proposed by the U.K.'s privacy watchdog, owing in part to COVID-19's ongoing impact.
The data dump of citizens' election information following a ransomware attack against a county in Georgia is likely to raise concerns about the integrity of this year's vote, some security experts say.
Citing the stretched health IT resources and heavy workloads healthcare organizations face as a result of the COVID-19 pandemic, federal regulators are delaying compliance deadlines for information blocking and health IT interoperability regulations.
Federal regulators have slapped health insurer Aetna with a $1 million HIPAA settlement for three 2017 breaches - including a mailing incident that exposed HIV information - that occurred within six months.
The latest edition of the ISMG Security Report analyzes the U.S. indictment against Russian hackers who were allegedly behind NotPetya. Also featured: A discussion of nation-state adversaries and how they operate; an update on Instagram privacy investigation.
COVID-19 has transformed the state of modern healthcare delivery, resulting in an unprecedented paradigm shift. Current circumstances have been catalytic in extending remote access for care providers and essential to deliver virtual healthcare for distant patients. It is now a given that this "new normal" will persist...
For the second time within a week, it's been revealed that sensitive voice messages containing patients' information have been exposed on the internet. The latest discovery involves unsecured voice transcripts of patient calls to drug giant Pfizer's automated customer support system.
Fraudsters are sending phishing emails with messages about the Coinbase cryptocurrency exchange to Microsoft Office 365 users in an attempt to take over their inboxes and gain access to data, according to the security firm KnowBe4.
MAXEX, a company that develops a digital trading platform for the secondary mortgage market in the U.S., leaked 9 GB of internal documentation as well as full mortgage applications for 23 individuals. The data was released by a Swiss-based developer who apparently was unaware it was sensitive.
A security researcher recently discovered an unsecure Elasticsearch database cluster exposed on the internet that contained transcripts of sensitive voicemail messages, including some for medical clinics and financial service companies.
Ireland's Data Protection Commissioner has launched an investigation into whether Facebook's Instagram service improperly displayed the email addresses and phone numbers of minors on its platform. Facebook, Instagram's owner, could face a GDPR fine if it's found to have violated privacy requirements.