The federal tally of health data breaches reached a new milestone this week: Since its inception in September 2009, more than 5,000 major incidents have been posted to the Department of Health and Human Services' HIPAA breach "wall of shame."
As controversy grows around the use of Facebook Pixel code and similar tracking tools that harvest sensitive health and other personal data of consumers, so does the pressure from lawmakers demanding answers from tech vendors about those data collection practices.
Advocate Aurora Health is notifying 3 million individuals of a health data breach involving the organization's "previous" use of web tracking tools from tech vendors including Google and Facebook's parent company, Meta. The entity says it has disabled or removed those tracking services.
Beware ransomware and data extortion shakedowns that trace to a cybercrime gang called Daixin Team, which is especially targeting the healthcare sector, as well as wielding phishing emails and a proficiency with VMware server environments, warns a new U.S. government cybersecurity advisory.
Europe faces an annual investment gap of 1.75 billion euros in the cybersecurity industry compared to the United States, warn the European Commission and the European Investment Bank. They propose a new fund dubbed the European Cybersecurity Investment Platform to foster domestic industry growth.
Many entities fight an uphill battle against increasingly clever phishing and related scams that lead to serious data compromises, say former CIA analyst Eric Cole and former Department of Justice Assistant Attorney General David Kris, who are both advisers at security firm Theon Technology.
Australia's largest private health insurer has transformed over a week from being confident that it repelled a cyber incident to being apologetic after disclosing that hackers got away with up to 200 gigabytes of customer data. Australian Federal Police are investigating the incident at Medibank.
Too many medical device makers don't pay close attention to the fine details and features of their product designs to ensure they are safe and secure, says Naomi Schwartz, a former product reviewer at the Food and Drug Administration and current cybersecurity adviser at security firm MedCrypt.
Hacking capabilities once reserved for nation-states are filtering down to the level of crimeware, warns Kaspersky researcher Sergey Lozhkin. Darknet forums are filled with self-taught hackers selling advanced capabilities for a good price, he says.
Australian health insurer Medibank says it received a ransomware demand from hackers asserting to have stolen data during a cybersecurity incident the company detected on Oct. 12. "Based on our ongoing forensic investigation we are treating the matter seriously at this time," the company says.
Cyberattacks on healthcare entities result in poor patient outcomes, including delayed procedures and even a rise in mortality, according to a recent survey conducted by research firm the Ponemon Institute. Ryan Witt of Proofpoint, which sponsored the study, discusses the findings.
Days of accusations that the longtime head of the German government agency responsible for securing the government from cyberthreats has ties to Russia ended with his dismissal. Arne Schönbohm "damaged ... public confidence," said a spokesperson for the Ministry of the Interior.
A study by data privacy firm Lokker found thousands of healthcare providers deploying Facebook Pixel and other similar tracking tools. Those trackers reveal "medical and other data that consumers don't know is being tracked and haven't authorized," says Ian Cohen, Lokker's chief executive officer.
In the latest "Proof of Concept," Lisa Sotto of Hunton Andrews Kurth LLP and former CISO David Pollino join ISMG editors discuss the first California consumer protection fine issued against retailer Sephora, defending against new ransomware tactics, and mitigating the impact of Zelle scams.