Latest

Compliance

Analyzing Changes to EHR Certification Practices

Marianne Kolbasuk McGee  •  September 22, 2017

Recent changes by the HHS to the certification program for electronic health record software could potentially weaken efforts to ensure EHRs meet federal requirements, including those that impact security, says attorney Maya Uppaluru, who formerly was on the HHS staff.

Breach Notification

Profiting From the SEC Breach

Eric Chabrow  •  September 22, 2017

Analyzing the impact of a breach of computers at the U.S. Securities and Exchange Commission leads the latest edition of the ISMG Security Report. Also, exploring alternative plans to implement cybersecurity regulations on credit reporting bureaus in the wake of the Equifax breach.

Compliance

HIPAA Privacy Compliance After a Hurricane

Marianne Kolbasuk McGee  •  September 21, 2017

The deadly hurricane season has prompted federal regulators to issue several specific HIPAA waivers in recent weeks. But are such waivers really necessary? And what actions can healthcare providers take during a crisis even without a waiver?

Anti-Malware

Part of FTC Complaint Against D-Link Dismissed

Jeremy Kirk  •  September 21, 2017

A federal judge Tuesday dismissed three of six counts in a complaint filed by the U.S. Federal Trade Commission against IoT manufacturer D-Link that alleges its sloppy security practices deceived consumers. The FTC has until Oct. 20 to amend the complaint.

Governance

HHS Incident Response Will Be Scrutinized

Marianne Kolbasuk McGee  •  September 20, 2017

A federal watchdog agency has announced it will scrutinize HHS's incident response capabilities as well as Obamacare's security controls. The agency has also issued a new report finding security gaps in Alabama's Medicaid information systems security.

Endpoint Security

Inspector General: IRS's Aging IT Puts Taxpayer Data at Risk

Eric Chabrow  •  September 20, 2017

The use of aging computer hardware at the Internal Revenue Service is introducing "unnecessary risks" to sensitive taxpayer information, a new report reveals. But fixing the problem will be costly.

►

CISO

Why Adding Technical Experts to Boards Is Urgent

Tracy Kitten  •  September 20, 2017

Given the current threat environment, it's urgent that organizations add technical experts to their boards of directors to help ensure the development of effective cybersecurity strategies, says Art Coviello, retired chairman of RSA.

Breach Response

Medical Supply Firm Hacked; Log Review Key to Detection

Marianne Kolbasuk McGee  •  September 19, 2017

A hacking incident at a Nebraska-based medical supply company ranks as the second largest business associate health data breach reported so far this year. A log review was the key to detecting the intrusion.

Data Breach

Former Systems Administrator Gets Prison Time

Marianne Kolbasuk McGee  •  September 18, 2017

A former systems administrator who worked at a Pennsylvania clinic group for only about three weeks has been sentenced to 27 months in prison in a case involving wire fraud and hacking computers. The case highlights the importance of managing administrative credentials, especially when employees leave.

Anti-Malware

Avast Distributed Trojanized CCleaner Windows Utility

Mathew J. Schwartz  •  September 18, 2017

For one month, the installer for a widely used, free Windows utility called CCleaner also installed a malicious payload that was designed to allow attackers to push additional malware onto infected PCs, warns Cisco Talos. Developer Piriform, owned by Avast, has released updates that expunge the malware.

Anti-Malware

CDDC: One Secure Screen for Classified, Secret and Public Networks

Jeremy Kirk  •  September 15, 2017

Researchers in Australia says they've conquered a thorny problem: how to view information stored on multiple air-gapped networks at the same time without security or usability concerns. They've created a device, called the Cross Domain Desktop Compositor, that's been tested by the Australian Department of Defense.

Breach Preparedness

Gauging Equifax's Future in Wake of Massive Breach

Eric Chabrow  •  September 15, 2017

Top IT security and information risk experts, including former RSA Executive Chairman Art Coviello, analyze the struggles Equifax faces in the wake of a massive data breach in the latest edition of the ISMG Security Report.