Black Hat USA 2022 opened with somber warnings from Chris Krebs about why application developers, vendors and the government need to solve major industry challenges. Key security executives also discussed DNS visibility, cloud security, patch management, APT strategies and supply chain woes.
ISMG caught up with 11 security executives in Las Vegas on Tuesday to discuss everything from open-source intelligence and Web3 security to training new security analysts and responding to directory attacks. Here's a look at some of the most interesting things we heard from industry leaders.
A Florida operator of urgent care clinics recently reported to federal regulators a health data breach affecting more than 258,000 individuals tied to a vendor's ransomware attack in May 2021. Why did it take so long to determine that the incident resulted in breach of protected health information?
Two hacking incidents involving vendors providing important IT-related and other services to dozens of covered entity clients are among the latest breaches affecting hundreds of thousands of individuals' data and show how mounting reliance on third parties creates increased risk to patient data.
Another proposed federal class action lawsuit alleges Facebook uses its Pixel tracking tool to collect millions of individuals' sensitive health data from healthcare provider websites without patients' knowledge or consent. HIPAA prohibits the use of PHI for marketing purposes without consent.
The report from Israeli publisher Globes that CrowdStrike plans to spend $2 billion buying one or more Israeli cybersecurity companies sent shockwaves through the industry. Here's a look at six security startups with a large presence in Israel that could be a good fit for CrowdStrike.
Big, bad bugs - including the likes of Heartbleed, BlueKeep and Drupalgeddon - never seem to burn out. Instead, they just slowly fade away, despite the risk that attackers will successfully exploit them to steal data, seize control of systems or deploy ransomware.
New draft guidance from the National Institute of Standards and Technology - if properly applied by HIPAA regulated entities - could help organizations avoid fines and similar enforcement actions by regulators in the wake of breaches, some experts say.
Getting cybersecurity right means CISOs need peer relationships with other operations executives. CISOs need board access and a handle on the company business, writes Ian Keller, director of security at a telecom company. "And then you'll wake up and realize this is not as simple as it sounds."
A slew of HIPAA enforcement actions is a sign that regulators are impatient with the short shrift that many medical providers give to providing patients access to their health information. No fewer than 11 of the last dozen HIPAA fines focus on a right of access dispute.
Many healthcare sector entities are undertaking projects involving the collection, analysis and sharing of large volumes of health data. But along with those efforts come critical privacy and security concerns, says attorney Iliana Peters of Polsinelli.
Please don't pay ransoms, authorities continue to urge. Britain's lead cyber agency and privacy watchdog are now making that appeal directly to legal advisers, warning them that paying a ransom offers no data protection upsides and won't lessen any fine they might face.
The Biden administration continues to react to the Supreme Court's overturn of precedent guaranteeing a constitutional right to abortion, issuing Friday an executive order that includes provisions to help safeguard the privacy of patients' data.
Memo to IT administrators: Don't store data in cloud in an unsecure manner. Security researchers at Secureworks have found more than 1,200 cloud-based, unsecured Elasticsearch databases that attackers wiped, leaving only a ransom note demanding Bitcoin in return for their restoration.
Manufacturing is a huge industry with massive amounts of critical data and IoT surfaces, and it is also a lucrative target for cybercriminals. CyberEdBoard member Shankar Karthikason discusses how to secure your OT environment and build an effective cybersecurity program.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.eu, you agree to our use of cookies.