Two vendors serving the healthcare sector have been targeted with breach-related lawsuits. Experts say the incidents at the center of these cases showcase the potential risks posed by vendors.
Getting the proper vendor contracts completed is a top concern for organizations preparing to comply with the California Consumer Privacy Act, says Caitlin Fennessy, research director at the International Association of Privacy Professionals.
Federal regulators have slapped Norfolk, Va.-based Sentara Hospitals with a $2.2 million HIPAA settlement for improperly reporting a breach and lacking a business associate agreement.
Global security company Prosegur has blamed Ryuk ransomware for a service disruption that started Wednesday, which may have hampered networked alarms. Prosegur isn't revealing much detail but says it is in the process of restoring services.
The healthcare sector has had plenty of significant data breaches so far this year. What can be learned from organizations' experiences? Here are three key lessons.
Virtual Care Provider Inc., which provides cloud hosting and other services to more than 110 healthcare entities, including nursing homes and assisted living facilities, is struggling to bounce back from a ransomware attack in which hackers demanded a $14 million ransom.
Hacker attacks, IT mishaps and vendor errors are among the top causes of the largest health data breaches added to the official federal tally so far this year. Here's an update.
Organizations should develop a comprehensive strategy for managing third-party security risks and avoid over-reliance on any one tool, such as vendor security risk assessment, monitoring or ratings services, says analyst Jie Zhang of Gartner.
A Utah eye clinic began notifying thousands of patients last week about a 2018 breach involving a third-party portal provider. What should other healthcare organizations learn from this incident?
Sen. Maggie Hassan, D-N.H., is demanding that the U.S. Government Accountability Office review how the Department of Homeland Security shares personal data with contractors following several recent security incidents in which such information was exposed.
Agile environments benefit from development platforms and open-source software, but that also raises the risks of attacks seeded in those supply chains, says Chet Wisniewski of Sophos, who describes steps that organizations can take to mitigate the risks.
As the supply chain in the healthcare sector becomes increasingly complex, so do the cybersecurity risks and threats. New guidance aims to help healthcare organizations better address these challenges, says Darren Vianueva, who co-chaired an industry task force that developed the guidance.
Robotic process automation aims to use machine learning to create bots that automate high-volume, repeatable tasks. But as organizations tap RPA, they must ensure they take steps to maintain data security, says Deloitte's Ashish Sharma.
Large or small, enterprises from all sectors are dealing with the same vulnerabilities in open source code. The difference: the scale of the problem. DJ Schleen of Sonatype discusses insights from the latest ISMG roundtable dinner.
What's the purpose of ISO 27701, the new privacy extension to the ISO 27001 information security management standard? Matthieu Grall, CISO and DPO at SodiFrance, a French IT services company, who participated in development of 27701, explains the standard and discusses "privacy by design" compliance issues.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing inforisktoday.com, you agree to our use of cookies.
