Authorities are warning of threats posed by Akira, a ransomware group that surfaced in March and has been linked to dozens of attacks on small and midsized entities. The group is targeting many industries, including healthcare, and seems to favor entities that lack MFA on VPNs.
Federal regulators have smacked a large California health plan with a $1.3 million fine to settle potential HIPAA violations for two relatively small breaches that affected about 2,250 individuals. But officials indicate "long-standing HIPAA deficiencies" were a "systemic" problem at the insurer.
A federal judge has given the green light for attorneys to proceed with a consolidated class action lawsuit against Meta that accuses the social media giant of intercepting sensitive health information with its Pixel tracking tools used in numerous healthcare websites and patient portals.
Synthetic ID fraud is nothing new, but it is expanding beyond fraudulent bank accounts to identity scams for auto loans. Many organizations fail to understand the link between data breaches and fraudulent IDs, said Jason Lord, vice president of product marketing at TransUnion.
In the latest weekly update, ISMG editors discuss the state of cybersecurity market resilience in 2023, why U.S. federal regulators publicly named 130 healthcare firms using web trackers and how SentinelOne ended its partnership with startup Wiz amid takeover discussions.
Government agencies are adopting zero trust architectures, both to meet regulatory requirements, but also as a security imperative to mature their security posture, however the specific challenges faced differ from those of commercial entities. Watch this webinar to gain insights into a dedicated Zero Trust practice...
Welcome to the report summarizing the survey conducted in spring/summer 2023. It attracted 214
responses from senior cybersecurity professionals in the NA,
APAC, UKI and EU regions.
The goals for this study were to identify:
The top organizational challenges in securing non-SSO
In the aftermath of mergers and acquisitions among healthcare entities - and the resulting IT integration and cost-cutting moves - gaps in technology and skills and other gaps often put organizations at higher risk for attacks and other security incidents, said Jack Danahy of NuHarbor Security.
California Gov. Gavin Newsom on Wednesday signed an executive order to study the development, use and risks of artificial intelligence, and develop a process to deploy "trustworthy AI" in the state government. The order calls for a staggered implementation over the next two years.
The lack of an understanding of what constitutes first-party lending fraud is causing massive losses at banks. Anna Bleazard, head of Singapore and South East Asia in financial crime compliance at FTI Consulting, recommends that banks intervene as early as possible.
The number of connected devices used in healthcare is growing as manufacturers constantly introduce new types of IoT equipment. The ever-evolving threat landscape is making it harder for many entities, particularly outpatient care providers, to keep up, said Justin Foster, CTO of Forescout.
An Alabama pediatric dental practice is notifying nearly 130,000 patients that their sensitive information was compromised in a recent cyberattack. The entity appears to have potentially paid a ransom in exchange for a promise by hackers to destroy breached data without further releasing it.
The Federal Trade Commission and the Department of Health and Human Services have publicly named 130 hospitals and telehealth companies that were recently warned that the use of online tracking tools in their websites or mobile apps potentially violates federal data privacy and security regulations.
Has the cry of the Qakbot come to an end? While the pernicious, multifunction malware fell quiet last week thanks to Operation "Duck Hunt," lucrative cybercrime operations have a history of rebooting themselves. Rivals also offer ready alternatives to ransomware groups and other criminal users.
In the latest weekly update, Jeremy Grant of Venable joins three ISMG editors to discuss why the U.S. government is taking a back seat on digital identity issues, the risks of artificial intelligence, and takeaways from the U.S. Cyber Safety Review Board's recent report on cybercrime group Lapsus$.