Members of Congress don't agree on much these days. But a new bipartisan working group launched in the Senate on Thursday hopes to rally congressional support for potential legislation focused on improving the state of cybersecurity in the healthcare sector.
In the latest weekly update, ISMG editors discuss how Israeli tech companies are supporting the war effort, how the volume of ransomware attacks reached a record high in September and why retailer Costco faces privacy claims for its use of website tracking tools for online pharmacy customers.
The Department of Homeland Security inspector general found U.S. Immigration and Customs Enforcement employees had downloaded "risky user-installed mobile applications" onto government devices despite the devices being banned from federal information systems for posing national security risks.
Security researchers say an Iranian state hacking group is likely using spearfishing and a legitimate content hosting service in a cyberespionage campaign targeted against Israel. The hacker group, tracked as MuddyWater, likely mounted a new campaign after the onset of the Israel-Hamas war.
Stolen and compromised credentials continue to be the crux of major health data security incidents involving cloud environments. But stronger credential management practices and a focused approach to "least privilege engineering" would help, said Taylor Lehmann of Google Cloud.
Harry Coker, the former executive director of the National Security Agency, told lawmakers he will take a "whole of government" approach to bolstering national cybersecurity if confirmed to serve as the second-ever permanent national cyber director, a post that has remained vacant for five months.
Five regional hospitals in Ontario still have no access to patients' electronic health records and other critical data nearly two weeks after an attack on their shared IT services provider. Ransomware group Daixin Team claims it stole more than 5.6 million patient records in the attack.
Oren Eytan spent 25 years in the Israel Defense Forces, rising to the rank of colonel and heading the IDF's cybersecurity unit. Now, as CEO of odix, an Israeli cybersecurity vendor, he is helping his country rebound from the Oct. 7 attacks and support the nation's war against Hamas.
Texas-based mental healthcare provider Deer Oaks Behavioral Health is notifying nearly 172,000 patients that their information was potentially compromised in a ransomware incident, even though the attack was apparently quickly detected and contained.
Once ransomware hackers get inside a healthcare sector organization's systems, 3 in 4 attackers will also maliciously encrypt data, says security firm Sophos. Attackers successfully encrypted data in 75% of ransomware attacks on healthcare sector entities, researchers report.
A Georgia-based firm that provides administrative services for health plans is among the latest firms reporting a major health data hack involving their use of Progress Software's MOVEit file transfer software. NASCO joined a growing list of health sector vendors hit by MOVEit hacks.
A Massachusetts-based medical management firm holds the dubious honor of being the first ransomware victim fined for a data breach by the Department of Health and Human Services. Doctors Management Group agreed to a $100,000 financial settlement and three years of HIPAA compliance monitoring.
The recently ended ISMG Financial Services Summit was dedicated to fortifying cybersecurity preparedness in the financial services industry. Thought leaders guided critical discussions on cybersecurity topics such as critical infrastructure, incident response, supply chain threats and zero trust.
Costco warehouse customers often get free samples of cheese and beef jerky. But members who fill their prescriptions online at Costco pharmacies allegedly get their sensitive information unlawfully scraped and transmitted to third parties, claim two proposed federal class action lawsuits.
North Korean hackers are spreading malware through known vulnerabilities in legitimate software. In a new campaign spotted by Kaspersky researchers, the Lazarus group is targeting a version of an unnamed software product for which vulnerabilities have been reported and patches are available.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing databreachtoday.eu, you agree to our use of cookies.