Intel Has a New Speculative Execution Issue: Foreshadow

Jeremy Kirk • August 15, 2018

The Meltdown and Spectre attacks from earlier this year showed how the quest to make CPUs run faster inadvertently introduced serious security vulnerabilities. Now, researchers have unveiled a new attack called Foreshadow that builds on those findings, affecting millions of Intel processors made over the past five

ATM Fraud

The Art of the Steal: FIN7's Highly Effective Phishing

Latest

Blockchain Applications

How Hackers Are Targeting Initial Coin Offerings

Jeremy Kirk • August 15, 2018

The proliferation of cryptocurrency and blockchain projects is posing enticing new opportunities for hackers, says Aleksandr Lazarenko of Group-IB.

Breach Preparedness

HHS OIG Finds Security Flaws in Maryland's Medicaid System

Marianne Kolbasuk McGee • August 15, 2018

Maryland's Medicaid system has "numerous significant" security weaknesses that need to be addressed, according to a federal watchdog agency. Earlier audits of other state Medicaid programs have yielded similar results

Business Continuity/Disaster Recovery

Should Staff Ever Use Personal Devices to Access Patient Data?

Marianne Kolbasuk McGee • August 14, 2018

When is it acceptable to allow healthcare workers to use their personal smartphones to access patient records? A recent incident at the Oklahoma Department of Veterans Affairs spotlights the dilemma.

Data Breach

D-Link Routers In Brazil Fall To DNS Tampering

Jeremy Kirk • August 13, 2018

Cybercriminals in Brazil have capitalized on older vulnerabilities in D-Link routers for financially motivated phishing attacks. The attackers changed DNS settings to use their own malicious DNS server, allowing for seamless shifts to phishing sites.

Compliance

HIPAA Security Rule Turns 20: It's Time for a Facelift

Marianne Kolbasuk McGee • August 10, 2018

As the HIPAA security rule turns 20, it's time for regulators to make updates reflecting the changing cyberthreat landscape and technological evolution that's happened over the past two decades, says security expert Tom Walsh.

Application Security

New Privacy Issues for Amazon

Nick Holland • August 10, 2018

An analysis of the privacy issues Amazon will face as it dives deeper into the healthcare business leads the latest edition of the ISMG Security Report. Also featured: A preview of ISMG's Security Summit in New York Aug. 14-15.

Application Security

Numerous OpenEMR Security Flaws Found; Most Patched

Marianne Kolbasuk McGee • August 9, 2018

Nearly two dozen security weaknesses in OpenEMR - open source electronic medical record and practice management software - left patient data vulnerable to cyberattacks before most were patched, according to the London-based security research firm Project Insecurity.

Application Security

DevSecOps: The Keys to Success

Suparna Goswami • August 9, 2018

Although there's widespread agreement that addressing security early in the software development cycle is an essential component to any breach prevention strategy, implementing DevSecOps can prove challenging.

Cybersecurity

Bitfi Gets Pwnies Award for 'Lamest Vendor Response'

Mathew J. Schwartz • August 9, 2018

Hubris has a new name: Bitfi. The cryptocurrency wallet-building company, backed by technology eccentric John McAfee, earned this year's not-so-coveted Pwnies Award for "Lamest Vendor Response" for how it mishandled security researchers' vulnerability disclosures. Bitfi has promised to do better.

Data Breach

300,000 Records Found at Hospital Slated for Demolition

Marianne Kolbasuk McGee • August 8, 2018

Documents containing information on more than 300,000 patients were recently discovered on the former campus of a Missouri hospital that's being prepared for demolition four years after the hospital moved to new facilities. The incident illustrates the need to track all paper records that contain PHI.

Awareness & Training

Training to Improve Support of Product Security

Tom Field • August 8, 2018

The Forum of Incident Response and Security Teams recently announced the release of new training resources to help organizations build and improve product security incident response teams. Damir "Gaus" Rajnovic of FIRST discusses the global need for these resources.

Electronic Healthcare Records

HHS Scolded for Delay in Issuing Health Info Blocking Regs

Marianne Kolbasuk McGee • August 7, 2018

More than a dozen technology and medical organizations are asking HHS why it's taking so long to issue regulations aimed at limiting the blocking of health information sharing. The regs were called for in a law passed in 2016.