SecurityArchitecture.comMedStar attack apparently enabled by unpatched software
Attackers who find vulnerable servers can deploy ransomware without any action on the part of users in the targeted organization.
Privacy and Security Tiger Team recommends federal PKI cross-certification for all NwHIN participants
In the latest round of security recommendations for the Nationwide Health Information Network (NwHIN), the Privacy and Security Tiger Team (a workgroup of the federal Health IT Policy Committee that advises the National Coordinator for Health…
VA over-disclosure of EHR data highlights difficulty in managing fine-grained consent
In its Monthly Report to Congress On Data Incidents for the month of September (the exact time period noted on the report is August 30 – October 3, 2010), the Department of Veterans Affairs (VA) describes…
Lots of health data breaches reported to HHS, only trivial ones to FTC
With just over a year having passed since the health data breach notification rules mandated by the Health Information Technology for Economic and Clinical Health (HITECH) Act went into effect, and interesting contrast has emerged between…
Rules still pending on privacy and security requirements for PHRs
The Office of the National Coordinator for Health Information Technology (ONC) within the Department of Health and Human Services (HHS) has announced plans for a public roundtable discussion on personal health records (PHRs) to be held…
NCHICA offers recommendations to health care providers on security and meaningful use
The North Carolina Healthcare Information and Communications Alliance (NCHICA) just released a white paper entitled “Privacy and Security Implications of Meaningful Use for Health Care Providers” that reflects the results not only of an analysis of…
Identity theft from hospital records violates more than HIPAA
HealthcareInfoSecurity.com‘s Howard Anderson and others last week covered an indictment filed in Pennsylvania against a man who allegedly used his authorized access (as a hospital employee) to patient records to steal names, dates of birth, social…
CSO Online Headlines
- The biggest data breach fines, penalties, and settlements so far
- New CISO appointments 2024
- Top cybersecurity product news of the week
- Looking outside: How to protect against non-Windows network vulnerabilities
- Cloud security teams: What to know as M&A activity rebounds in 2024
- Salt Security adds defense against OAuth attacks
- Cisco urges immediate software upgrade after state-sponsored attack
- What will cyber threats look like in 2024?
- How the ToddyCat threat group sets up backup traffic tunnels into victim networks
Dark Reading
- New Research Suggests Africa Is Being Used As a 'Testing Ground' for Nation State Cyber Warfare
- MITRE's Cyber Resiliency Engineering Framework Aligns With DoD Cyber Maturity Model Cert
- Philippines Pummeled by Assortment of Cyberattacks & Misinformation Tied to China
- Jason Haddix Joins Flare As Field CISO
- Thousands of Qlik Sense Servers Open to Cactus Ransomware
- Intel Harnesses Hackathons to Tackle Hardware Vulnerabilities
- Held Back: What Exclusion Looks Like in Cybersecurity
- Palo Alto Updates Remediation for Max-Critical Firewall Bug
- CISO Corner: Evil SBOMs; Zero-Trust Pioneer Slams Cloud Security; MITRE's Ivanti Issue
