Cobalt maker Fortra, Microsoft and the Health Information Sharing and Analysis Center obtained a U.S. federal court order redirecting into sinkhole servers the internet traffic from Cobalt Strike-infected computers sent to command-and-control centers controlled by bad actors.
Regulators are scrutinizing the use of website tracking codes and analytics such as Meta Pixel and Google Analytics. Health entities must carefully assess how those tools are being used on their health-related websites, say privacy attorneys Cory Brennan of Taft and Mark Swearingen of Hall Render.
Most of the healthcare organizations hit by distributed denial-of-service attacks by pro-Russia hacktivists in January have one or more level 1 trauma centers, indicating that the attackers aimed to disrupt care for the most critically ill and injured patients, according to a new government report.
A West Virginia hospital will soon begin notifying patients and employees affected by ransomware attackers who leaked data on the dark web. Hackers encrypted a handful of servers hosting historic "institutional data," including budget documents, cost reports and payments to vendors.
A Florida-based community healthcare system has begun notifying about 20,000 individuals whose information was compromised in a data security incident that prompted the organization to operate under its IT downtime procedures, including diverting some emergency patients, for two weeks in February.
The U.S. Securities and Exchange Commission and the state of New York have proposed new cybersecurity regulations. Fred Harris, managing director of Societe Generale, says it's a "watershed moment for the industry" and offers insights as to how financial institutions can manage these changes.
British outsourcing service provider Capita, which has major U.K. healthcare and military contracts, said an online attack disrupted internal access to Microsoft Office 365 applications, leading to service outages for multiple customers. The company hasn't said if ransomware was involved.
A 3-month-old federal law meant to future-proof federal computers from quantum computer decryption will have an effect on healthcare sector entities, too, says Mac McMillan, founder and CEO emeritus of privacy and security consulting firm CynergisTek.
Rules coming in April could require publicly traded companies to disclose a breach within four days of deeming it material as well as board member cybersecurity expertise. The SEC in March 2022 proposed a mandate that companies disclose "material" incidents within four business days of discovery.
A U.S. federal court ruling this week is the latest setback for plaintiffs in an 8-year-old proposed class action litigation against health insurer CareFirst BlueCross BlueShield in the aftermath of a 2014 cyberattack that affected more than 1.1 million individuals.
The U.S. Consumer Financial Protection Bureau is mulling over whether to reimburse consumers for online scams and fraud, but this regulatory change could lead to an increase in first-party fraud, cautioned Karen Boyer, senior vice president of financial crimes at M&T Bank.
Underwriters spend 40% of their time on manual activities, representing an efficiency loss of $85-$160 billion over the next 5 years. To compete and win in today’s uncertain economy, insurers need the speed to adapt to rapidly changing risks and operational challenges.
Join this webinar for key takeaways including...
A top Pentagon technology official on Wednesday emphasized the U.S. Department of Defense's embrace of zero trust. "We've committed to implementing zero trust across the DOD by 2027, which is an ambitious yet critical milestone," Department of Defense CIO John B. Sherman told a Senate panel.
The Food and Drug Administration on Wednesday said that starting immediately, medical device makers must include cybersecurity plans with new product applications. Beginning on Oct. 1, the FDA intends to issue "refuse to accept" determinations for submissions lacking the cyber requirements.
Cisco plans to purchase its second cloud security startup in two months to deliver context, prioritization and remediation recommendations for cloud-native resources. The networking giant said its proposed buy of Lightspin will allow clients to identify and address key cloud security risks.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing inforisktoday.com, you agree to our use of cookies.