An incident involving a third-party vendor migrating a server containing archived email of a medical device provider has resulted in a reported health data breach impacting more than 277,000 individuals. What went wrong?
The FDA is generally on the right track in updating guidance for the cybersecurity of premarket medical devices. But a variety of changes are needed, say some of the healthcare sector companies and groups that submitted feedback to the agency.
A medical software vendor's unsecured fax server leaked patients' medical information, highlighting yet again the importance of vendor risk management.
According to some researchers, up to 61 percent of recent data breaches were a result of a third-party vulnerability. Matan Or-El, CEO of Panorays, discusses the weakest links of supply chain security and how to strengthen them with automated tools.
CISOs need to work with partners in other departments to help ensure the success of major security projects, says John Pescatore, the director of the SANS Institute, who spoke at RSA Conference 2019.
Five years ago, rating the cybersecurity posture of organizations to help reduce risk and improve their security posture was a new idea. Since then, the concept has been expanded to include everything from threat management to cyber insurance premiums, says Sam Kassoumeh, COO of SecurityScorecard.
Columbia Surgical Specialists of Spokane has reported a breach impacting 400,000 individuals, the largest added to the federal health data breach tally so far in 2019. Meanwhile, a medical center in Chicago has also reported a major breach.
What are some of the hottest issues that will be discussed at this year's RSA Conference, to be held March 4-8 in San Francisco? Britta Glade, content director for the world's largest data security event, says DevSecOps - as well as third-party risk and cloud-related issues - are emerging as key themes.
With such a wide breadth of responsibility, how can small and mid-sized financial institutions counter sophisticated cyberthreats, provide monitoring and incident response needed for compliance?
If you are a security or risk leader, you know that even with a formal third-party risk program in place, you are not effectively keeping track of all of your third parties.
On Wednesday, just days after a new "cybersecurity" law took effect, Vietnam alleged that Facebook has violated the law by allowing users to post anti-government comments on the platform. The so-called cybersecurity law actually speaks little about IT security measures.
An EU General Data Protection Regulation enforcement action against a hospital in Portugal demonstrates complying with GDPR may be even tougher than complying with HIPAA. Regulatory experts analyze the implications of the case.
The Trump administration has launched a public awareness campaign, spearheaded by the National Counterintelligence and Security Center, urging the U.S. private sector to better defend itself against nation-state hackers and others who may be trying to steal their sensitive data or wage supply chain attacks.
With the aim of helping healthcare entities of all sizes improve their cybersecurity, the Department of Health and Human Services has issued a four-volume publication of voluntary best practices. Experts weigh in on whether it will prove helpful, especially for smaller organizations.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing inforisktoday.com, you agree to our use of cookies.