As CISO of Edward-Elmhurst Health, Shefali Mookencherry consistently works at the intersection of cybersecurity and privacy. "Privacy tells us why," she says, "and security tells us how." She discusses her role and the inherent challenges it poses to her.
Hackers, including ransomware cybercriminals attracted by its lower stakes, are turning to cryptojacking to make easy money despite the fall in cryptocurrency valuation, says threat intelligence firm SonicWall. The financial industry has seen a surge in cryptojacking attacks.
The US Consumer Financial Protection Bureau reportedly plans to release new guidance requiring banks to reimburse consumers for certain money-transfer service scams. Ken Palla, former director at Union Bank, says banks might look to the U.K. for examples of how to stop authorized push payment fraud.
Data breaches in the healthcare sector cost about $10.1 million - more than double the average cost of breaches across other industries - once again ranking the sector as having the most expensive data breaches, says Limor Kessem, principal consultant of cyber crisis management at IBM Security.
A recent Securities and Exchange Commission filing by Tenet Healthcare, a major Dallas-based healthcare delivery organization, provides the latest public peek into the hefty impact a disruptive cyber incident can have on a healthcare entity's finances.
Federal regulators say credit unions should report cyber incidents within 72 hours, including those experienced by third-party vendors that process member data. Just five deposit, payment, and data processing service companies dominate the credit union market.
New draft guidance from the National Institute of Standards and Technology - if properly applied by HIPAA regulated entities - could help organizations avoid fines and similar enforcement actions by regulators in the wake of breaches, some experts say.
Federal authorities are advising healthcare entities to fortify their defenses against cyberattacks involving web applications, including patient portals, telehealth services and webmail. Such apps offer hackers many potential entry points into an organization, they warn.
Two recent data breach lawsuit settlements by healthcare organizations underscore mounting liability risk stemming from a growing number of lawsuits. Missouri-based BJC Healthcare has agreed to pay up to $2.7 million to settle while Indiana-based Methodist Hospitals is on the hook for $425,000.
Ohio's top elections official plugged bug bounties as one way of ensuring the integrity of American elections. Secretary of State Frank LaRose, a Republican, told a congressional panel that Ohio was the first U.S. state to implement a vulnerability disclosure policy for its election systems.
A slew of HIPAA enforcement actions is a sign that regulators are impatient with the short shrift that many medical providers give to providing patients access to their health information. No fewer than 11 of the last dozen HIPAA fines focus on a right of access dispute.
The U.S. Justice Department clawed back $500,000 from North Korean-government-sponsored cyberattackers who launched Maui ransomware assaults on the U.S. healthcare sector. Healthcare ransomware attacks have soared over the past two years, and the sector is among those most likely to pay a ransom.
The U.S. Cybersecurity and Infrastructure Security Agency will open a London office as a first step to building an international presence it hopes will result in more threat indicator data, improved international cybersecurity and more foreign governments adopting similar cybersecurity policies.
The Albanian government says a cyberattack forced the national e-services portal offline. The office of Prime Minister Edi Rama says the attack is similar to those seen in Ukraine and other European countries where there has been an uptick in cyberattacks following Russia's invasion of Ukraine.
Venable's Grant Schneider and Jeremy Grant and ISMG editors discuss progress at the U.S. federal level in developing legislation for digital identity, the significance of an 18% increase in funding for CISA in fiscal year 2023 and the challenges of expanding the use of software bills of materials.