Because healthcare IT environments are so complicated, it will become essential for all suppliers to provide and maintain a software bill of materials for their products to remain relevant, says Curt Miller of the Healthcare Supply Chain Association.
GAO auditors say in a new report that the federal government's response to both the SolarWinds software supply chain attack and the exploitation of Microsoft Exchange Servers in 2021 sharpened its coordination efforts, but also exposed information-sharing gaps.
The services of domain name registrar and web hosting provider Enom Inc. were plagued by downtime issues during a scheduled data center migration activity. An update on its support center says "extended" maintenance is complete, but customers still report issues accessing their websites and emails.
In the midst of a global pandemic, the federal breach tally shows that a record number of major health data breaches were reported in the U.S. in 2021, and the overwhelming majority of them involved hacking/IT incidents. Will those trends continue in 2022?
Risk management is essential to the existence of every business. It requires organizations to consider which risks they can accept and which risks they can mitigate. But the problem with risk acceptance is that attackers are "actively looking for risks that you haven't mitigated that they're able to exploit," says...
More than a year after the December 2020 cyberattack on Accellion's File Transfer Appliance, the company has agreed to an $ 8.1 million settlement to resolve a class action against it following the data exposure that resulted in the theft of both consumer and patient data.
A family medical practice is notifying nearly 200,000 individuals that their information was compromised in a 2020 ransomware attack on cloud hosting vendor Netgain Technology, an incident that also affected several of the vendor's other clients and hundreds of thousands of their patients.
The latest edition of the ISMG Security Report features an analysis of how attackers are distributing Night Sky crypto-locking malware to exploit Log4j vulnerabilities, lessons learned from Log4j and a security flaw that affects some Tesla-built vehicles.
Maryland officials confirm that a December cyberattack on the state's health department, which is still disrupting some services, involved ransomware - but that no ransom was paid. Also, lawsuits have been filed against a Florida specialty pharmacy in the wake of a November cyber incident.
A vendor that provides clinical reviews notified nearly 135,000 individuals and dozens of clients of a cyberattack involving the exploitation of a product vulnerability and data exfiltration. Experts say the incident is the latest reminder of the importance of comprehensive vulnerability management.
Sen. Gary Peters, D-Mich., who chairs the Homeland Security and Governmental Affairs Committee, said this week that his committee convened a virtual briefing with both CISA and National Cyber Director Chris Inglis to discuss efforts to mitigate the threat posed by the Log4j vulnerability.
The Apache Log4j vulnerability capped the end of a long year for CISOs and incident responders. Security leaders Pooja Shimpi and Deepayan Chanda discuss how they have tackled Log4j - and significant lessons learned about incident response and information sharing.
The JFrog research team discovered a new RCE vulnerability, which will be tracked by NIST as CVE-2021-42392, in the H2 database console. Although the researchers say the root cause of this critical flaw is similar to the flaw in Apache's Log4j, they believe the differences may lessen its impact.
Florida-based Ravkoo, an online pharmacy, is notifying tens of thousands of individuals that their personal information was potentially exposed in a data security incident involving the company's Amazon Web Services hosted portal.