Recent financial reports from three healthcare sector organizations that suffered cyberattacks demonstrate how costly data breaches can be for not-for-profit healthcare providers and for-profit companies alike.
The unfolding story of Cambridge Analytica, which shows how personal information on millions of consumers was obtained via Facebook, demonstrates the degree to which our personal data can be weaponized against us.
Equifax has a new problem in Australia, a country that was left unscathed by the credit bureau's devastating data breach. The Australian Competition and Consumer Commission alleges the credit bureau deceived vulnerable consumers by misrepresenting its products and charging for services that should have been free.
Privacy attorney Kirk Nahra offers an analysis of the New York state attorney general proposing updates to the state's data security laws and issuing a substantial financial penalty in a HIPAA violations case.
The PCI Security Standards Council is offering 40 percent lower fees for participating organizations in nations with lower-income economies. "We want to encourage countries in Africa and South Asia to get engaged with us," Jeremy King, international director at PCI SSC, tells ISMG in an exclusive interview.
HHS continues to improve its information security program, but it needs to take steps to address a number of ongoing weaknesses, according to a new watchdog agency report. What are those glaring weaknesses, which are also, unfortunately, common at many healthcare organizations?
The Securities and Exchange Commission and the Department of Justice have both charged Jun Ying, a former CIO at data broker Equifax, with engaging in illegal insider trading after he determined that his employer had suffered a massive breach.
A U.S. power company, unnamed by regulators, has been fined a record $2.7 million for violating energy sector cybersecurity regulations after sensitive data - including cryptographic information for usernames and passwords - was exposed online for 70 days.
President Donald Trump has blocked a bid by Singapore's Broadcom to acquire U.S. chipmaker Qualcomm on the grounds that it could impact national security, including the United States' ability to help shape future mobile telephony standards.
A federal judge has largely rejected a motion by Verizon to dismiss a class-action lawsuit filed by victims of three data breaches that compromised Yahoo, which is now part of Verizon. The Yahoo breaches appeared to have compromised nearly every Yahoo user's personal details at least once.
While the director of the HHS Office for Civil Rights says HIPAA enforcement remains a top priority for the agency, obtaining enough resources to carry out its mission is an ongoing battle, says former OCR official Deven McGraw.
More healthcare organizations are "decoupling" their HIPAA compliance efforts from their cybersecurity initiatives, a sign that the sector is maturing, says security expert Axel Wirth, discussing findings of a new study by HIMSS Analytics and Symantec.
HHS Office for Civil Rights Director Roger Severino told an audience at the HIMSS18 conference Tuesday that there will be "no slowdown" in the agency's HIPAA enforcement efforts. But he told ISMG following the presentation that there will be no phase 3 for HIPAA compliance audits.
In a groundbreaking prosecution, two individuals in Ukraine have been sentenced for running extortion campaigns that disrupted international victims' websites with massive DDoS attacks unless they paid bitcoin ransoms of up to $10,000.
Many banking institutions boast of being "digital first" and enabling "omnichannel banking." But are they fully aware of the new fraud risks they also are inviting? Kimberly Sutherland and Kimberly White of LexisNexis Risk Solutions discuss how to mitigate omnichannel fraud.