Health insurer Aetna ACE reported to federal regulators a health data breach affecting nearly 326,000 individuals tied to an apparent ransomware incident involving OneTouchPoint, a subcontractor that provides printing and mailing services to one of the insurer's vendors.
A Florida operator of urgent care clinics recently reported to federal regulators a health data breach affecting more than 258,000 individuals tied to a vendor's ransomware attack in May 2021. Why did it take so long to determine that the incident resulted in breach of protected health information?
Two hacking incidents involving vendors providing important IT-related and other services to dozens of covered entity clients are among the latest breaches affecting hundreds of thousands of individuals' data and show how mounting reliance on third parties creates increased risk to patient data.
As CISO of Edward-Elmhurst Health, Shefali Mookencherry consistently works at the intersection of cybersecurity and privacy. "Privacy tells us why," she says, "and security tells us how." She discusses her role and the inherent challenges it poses to her.
How many organizations fall victim to a ransomware outbreak? How many victims pay a ransom? How many victims see stolen data get leaked? A new study from the EU's cybersecurity agency ENISA offers answers, but carries major caveats due to rampant underreporting of such attacks.
Lisa Sotto of Hunton Andrews Kurth LLP joins three ISMG editors to discuss important cybersecurity and privacy issues, including data breach preparedness, the evolution of LockBit 3.0 and the potential impact of the Cyber Incident Reporting for Critical Infrastructure Act of 2022.
Here's unwelcome ransomware news: When a ransomware victim chooses to pay a ransom, the average amount has increased to $228,125, reports ransomware incident response firm Coveware. On the upside, however, big-name ransomware groups are having a tougher time attracting affiliates.
Another proposed federal class action lawsuit alleges Facebook uses its Pixel tracking tool to collect millions of individuals' sensitive health data from healthcare provider websites without patients' knowledge or consent. HIPAA prohibits the use of PHI for marketing purposes without consent.
The ISMG Security Report analyzes a settlement with the U.S. Justice Department, in which Uber accepts responsibility for a data breach cover-up to avoid criminal charges. It also discusses why early-stage startups are conserving cash and recent initiatives from the U.S. Federal Trade Commission.
Data breaches in the healthcare sector cost about $10.1 million - more than double the average cost of breaches across other industries - once again ranking the sector as having the most expensive data breaches, says Limor Kessem, principal consultant of cyber crisis management at IBM Security.
The report from Israeli publisher Globes that CrowdStrike plans to spend $2 billion buying one or more Israeli cybersecurity companies sent shockwaves through the industry. Here's a look at six security startups with a large presence in Israel that could be a good fit for CrowdStrike.
A recent Securities and Exchange Commission filing by Tenet Healthcare, a major Dallas-based healthcare delivery organization, provides the latest public peek into the hefty impact a disruptive cyber incident can have on a healthcare entity's finances.
Federal regulators say credit unions should report cyber incidents within 72 hours, including those experienced by third-party vendors that process member data. Just five deposit, payment, and data processing service companies dominate the credit union market.
One Identity selected ex-LogRhythm CEO Mark Logan as its next leader and tasked him with standing the Quest subsidiary up as a stand-alone entity. The company offers identity governance, privileged access, identity management and Active Directory management solutions thanks to buying OneLogin.
Big, bad bugs - including the likes of Heartbleed, BlueKeep and Drupalgeddon - never seem to burn out. Instead, they just slowly fade away, despite the risk that attackers will successfully exploit them to steal data, seize control of systems or deploy ransomware.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing inforisktoday.com, you agree to our use of cookies.