The British government has proposed revisions to the country's main computer crime law - the 32-year-old Computer Misuse Act - to allow police to seize domains and compel data retention. While the government has promised to protect white hat hackers, it has yet to issue concrete proposals.
The U.S. government on Thursday unveiled a task force aimed at preventing advanced technology from reaching repressive regimes, including the People's Republic of China. The task force will be led by personnel in the departments of Justice and Commerce.
Chris Inglis, head of the Office of the National Cyber Director in the White House, stepped down from the position. The widely anticipated move comes as the Biden administration finalizes a national cyberspace strategy expected to call for more regulation and the disruption of malicious actors.
As ransomware attacks continue to target the healthcare industry, cyber risk is now patient safety risk. Unfortunately, many cyber risk management programs are woefully understaffed and resource-constrained. As such, leading healthcare CIOs, CISOs, and Supply Chain executives are rapidly automating best practices and...
Healthcare entities and their vendors should be prepared to show evidence to regulators of how they've implemented "recognized security practices," or RSPs, says Robert Booker, chief strategy officer of HITRUST. "You've got to demonstrate that you align with a framework."
Maintaining compliance is a difficult job -- both in scope and in practical application. Organizations need to comply with a vast array of regulations, and the number is constantly increasing. Compliance is consistently tightening; businesses and financial institutions now have to comprehend the new PCI-DSS 4.0...
Cedars-Sinai Medical Center in Los Angeles has joined a growing list of organizations being sued over allegations that their use of website tracking codes unlawfully shares individuals' personal and health information with third-party social media and marketing companies.
On the heels of an enforcement action last week by the Federal Trade Commission, telehealth and discount prescription drug provider GoodRx now also faces a proposed class action lawsuit over its data-sharing practices with third parties and the use of website tracking code.
A Scottish school system decided not to use facial recognition in its secondary school cafeterias after international outcry. The U.K. Information Commissioner's Office said Tuesday that the North Ayrshire Council failed to obtain freely given consent for the system.
Federal regulators hit Banner Health, which operates hospitals and other care facilities in multiple states, with a $1.25 million HIPAA settlement in the wake of a 2016 hacking incident that affected nearly 3 million individuals. Banner Health will also implement a corrective action plan.
Virginia Democratic Sen. Mark Warner, who chairs the Senate Select Committee on Intelligence, says he hopes to gather support for new bipartisan legislation this year to incentivize healthcare sector entities to meet certain minimum cybersecurity standards and tackle other top security concerns.
The FTC has for the first time enforced its almost 14-year-old health data breach notification rule. It hit a telehealth and prescription drug discount provider with a $1.5 million civil penalty for failing to inform consumers that it shares their data with advertisers and other third parties.
JD Sports, a sports fashion retailer with global operations, says personal details pertaining to about 10 million online customers of JD Sports and its Size?, Millets, Blacks, Scotts and MilletSport brands from 2018 to 2020 have been stolen by attackers and warns customers to beware of scammers.
The Dutch central bank fined Coinbase 3.3 million euros, saying the U.S. cryptocurrency exchange failed to comply with the national anti-money laundering statute. Since May 2020, Dutch law has required crypto companies operating in the Netherlands to register as money transmitters.
A review of internet of things manufacturers by Copper Horse shows that European companies fared the worst in having vulnerability disclosure policies. The European Commission has proposed legislation known as the Cyber Resilience Act that would make vulnerability disclosure policies mandatory.