Healthcare organizations often face obstacles in sharing cybersecurity information. Phil Englert and Errol Weiss from Health-ISAC advocate for shifting the focus from legal risks to business risks, improving incident response and building resilience through collaboration and transparency.
Cybersecurity firm CrowdStrike has yet to see customers file any lawsuits against it after its faulty July 19 software update crashed systems worldwide. Does that speak to the company having run a well-executed crisis management strategy?
A Louisiana-based ambulance company that provides emergency medical care services in four states is notifying nearly 3 million people that their sensitive health information was potentially stolen in a June hack. Ransomware gang Daixin claims to have published the data on its dark web leak site.
Texas Attorney General Ken Paxton is suing the Biden administration, alleging that "unlawful" HIPAA Privacy Rule regulations are hindering the state's law enforcement investigations into abortion cases and other reproductive health care cases.
Federal authorities are alerting healthcare entities of vulnerabilities - including older flaws - that put Apache Tomcat at risk for attacks if left unmitigated. The open-source web server is heavily used in healthcare for hosting electronic health record and other systems and applications.
Planned Parenthood of Montana, which provides patients with reproductive healthcare services including birth control and abortion, is responding to a hack and a threat by cybercriminal group RansomHub to leak 93 gigabytes of data allegedly stolen from the organization.
The Digital Operational Resilience Act aims to reshape the financial services industry by introducing strict cybersecurity standards. Financial institutions must comply with the new rules by Jan. 17, 2025, or face severe penalties, said Richard Breavington, head of cyber and tech insurance at RPC.
The Dutch data regulator is the latest agency to fine artificial intelligence company Clearview AI over its facial data harvesting and other privacy violations of GDPR rules, joining regulatory agencies in France, Italy, Greece and the United Kingdom.
The Department of Health and Human Services has dropped its appeal of a recent federal court decision saying that HHS exceeded its authority in warning HIPAA-regulated entities that it's unlawful to use online tracking tools to capture certain identifiers in user visits to health-related websites.
A vendor that provides information systems and transcription services to radiology practices is alerting 411,037 people of a hack discovered last December involving the theft of sensitive data. The firm already faces at least four proposed federal class action lawsuits related to the hack.
A California security camera company agreed to pay a $2.95 million civil penalty and implement a security program after hackers in 2021 accessed video from 150,000 internet-connected security cameras, including from devices placed inside psychiatric hospitals and women's health clinics.
A bipartisan House bill aims to bolster cybersecurity in the healthcare sector by requiring stronger collaboration between CISA and the Department of Health and Human Services. The bill is a companion to nearly identical bipartisan legislation introduced in the Senate in July.
The arrest and indictment of Telegram CEO Pavel Durov is sparking concerns about the viability of encrypted communications in France. The Paris Prosecutor's Office indicted Durov, the 39-year-old Russian-born owner of Telegram, on Wednesday, after arresting him Saturday night.
In the latest weekly update, Information Security Media Group editors discussed how CrowdStrike's competitors are responding to its outage, why security vendors want to serve the unique needs of SMB organizations and the status of U.N. efforts to develop a treaty designed to combat cybercrime.
The NIS2 Directive focuses on addressing gaps and strengthening the security of network and information systems across the European Union. NIS2 mandates rapid incident reporting and holds senior management accountable for cybersecurity, shifting responsibilities to the board level.