In its most recent assault against a healthcare entity, ransomware-as-a-service operator AvosLocker claims to be behind an attack allegedly involving data theft from Texas-based CHRISTUS Health, which operates hundreds of healthcare facilities in the U.S., Mexico and South America.
The European Parliament and the Council of the European Union on Friday reached a provisional agreement to set a "baseline for cybersecurity risk management measures and reporting obligations." Called NIS2, it is a modernized framework based on the EU Network and Information Security Directive.
A recent ransomware attack disclosed by a medication management systems provider is the latest reminder of persistent cybersecurity threats and risks facing healthcare supply chain and related vendors, as well as their customers. What's at stake?
CERT-In has mandated that starting June 28, both government and private organizations in the country must inform the agency within six hours of discovering a cybersecurity incident. What do CISOs feel about this, and how are they planning to approach this new requirement?
New York state officials are investigating a data breach at Illuminate Education, maker of a widely used software platform for K-12 schools. More than 1 million current and former New York students' personal details were exposed, and some students in California, Colorado and Connecticut were also affected.
The number of organizations being breached is on the rise, according to Forrester's 2021 State of Enterprise Breaches report. Allie Mellen describes the trend as "disappointing" and discusses the misaligned expectations some organizations have about breaches, as well as other report findings.
New cyber incident reporting rules are set to come into effect in the U.S. on May 1. Banks in the country will be required to notify regulators within 36 hours after an organization suffers a qualifying "computer-security incident." What does this mean for banks, and what are the likely challenges?
In what is likely the shortest breach reporting timeline globally, the Indian Computer Emergency Response Team, CERT-In, has mandated that starting June 28, government and private organizations in the country must inform the agency within six hours of discovering a cybersecurity incident.
Recent incidents affecting the sensitive information of tens of thousands of individuals underscore the ongoing threats and risks facing organizations that handle health and other delicate personal information, including a community health center and a social services agency.
Half of the 10 largest health data breaches so far in 2022 - affecting millions of individuals - have been added to the federal tally in just the last month as the latest wave of major hacking incidents being reported to regulators continues to grow.
The American Dental Association allegedly was hit with an attack by new ransomware group "Black Basta." ADA is the latest medical professional organization to have a cyber incident disrupt services and potentially affect members' information. Tenet Health also experienced a cyberattack last week.
The U.S. telecom carrier T-Mobile has confirmed that the Lapsus$ ransomware group has breached its internal network by compromising employee accounts. The company says hackers did not steal any sensitive customer or government information during the incident.
Solara Medical Supplies has agreed to pay $5 million and implement a host of security improvements under a proposed settlement of a consolidated class action lawsuit involving a 2019 phishing incident that affected sensitive information of more than 114,000 individuals.
To answer questions about the state of their cybersecurity posture, CISOs need to have a rigorous process to measure and analyze cyber risk. Furthermore, understanding and quantifying risk levels is key to developing a bulletproof cybersecurity strategy.
In this eBook, we cover:
Why cyber risks arise and how to...
More than 670,000 individuals have been affected by two 2021 hacking incidents that were only recently reported to federal regulators. The breaches involve healthcare software and billing services firm Adaptive Health Integrations and urgent care provider Urgent Team Holdings.