Health insurer Anthem had earned HITRUST Common Security Framework certification before its mega-breach. Now that the insurer has agreed to a $16 million HIPAA settlement with federal regulators, who spelled out the company's security shortcomings, it's worth scrutinizing the value of adopting a framework.
Federal regulators are working to shore up security of systems that support Obamacare in time for open enrollment season, which launches on Nov. 1, following the revelation of a breach of a portal used by insurance agents and brokers that exposed data of 75,000 individuals.
Cryptojackers and eavesdroppers are continuing to exploit a one-time zero-day flaw in unpatched MikroTik routers, despite a patch that's been available for six months as well as the actions of a vigilante "gray hat" hacker who's forcibly "fixed" 100,000 vulnerable routers.
Organizations must carefully monitor that their business associates are adequately addressing data security to help guard against breaches, says Mark Eggleston, CISO at Health Partners Plans, who will speak on vendor risk management at ISMG's Healthcare Security Summit, to be held Nov. 13-14 in New York.
Federal regulators have smacked health insurer Anthem with a record $16 million HIPAA settlement in the wake of a cyberattack revealed in 2015, which impacted nearly 79 million individuals. What missteps does the settlement highlight?
Health insurer Aetna is still paying the price for two 2017 privacy breaches involving mailings that potentially exposed HIV and cardiac condition information about thousands of individuals. Here's the latest update.
The Pentagon is warning that a data breach at a third-party travel management service provider exposed records for an estimated 30,000 civilian and military personnel. The breach alert follows a recent GAO report warning of serious cybersecurity shortcomings in U.S. weapon systems.
CISOs and other security practitioners are embracing the idea of a business-driven security model that takes a risk-oriented approach, says Rohit Ghai, president of RSA. "Cybersecurity conversations are becoming business conversations rather than technology conversations."
The biggest challenge for any critical infrastructure facing potential cyberattacks is devising ways to maintain business continuity, says cybersecurity specialist Prashant Pillai, who calls for building resilience into network design. He'll be a speaker at ISMG's Security Summit: London, to be held Oct. 23.
Everyone knows that two-factor authentication (2FA) is more secure than a simple login name and password, but too many people think that 2FA is a perfect, unhackable solution. It isn't!
Join Roger A. Grimes, KnowBe4's Data-Driven Defense Evangelist, and security expert with over 30-years experience, for this...
What can organizations do to thwart business email compromise attacks? In an interview, David Stubley, CEO of the consultancy 7 Elements, outlines several key steps. He'll be a featured speaker at Information Security Media Group's Security Summit: London, to be held Sept. 23.
A national cybersecurity strategy document released by the White House last week - along with comments from a top Trump administration official that the U.S. would step up its offensive cyber measures - are getting mixed reviews from cybersecurity experts.
In Australia, it can take as few as 15 minutes to steal someone's phone number, a type of attack known as SIM hijacking. Such attacks are rising, but mobile operators have no plans to change the authentication required around number porting, which can be set in motion online with minimal personal information.