Aggregator
ENISA: Software vulnerability prevention initiatives
6 months ago
The European Network and Information Security Agency, ENISA, has compiled a list of existing initiatives focused on finding and preventing software vulnerabilities.
Accounting of Disclosures Under the HITECH Act
6 months ago
A notice of proposed rulemaking from the HHS Office for Civil Rights that would modify the HIPAA Privacy Rule standard for accounting of disclosures of protected health information and add new requirements for access reports.
FFIEC Final Authentication Guidance
6 months ago
The Final FFIEC Guidance has been issued and its main intent is to reinforce the 2005 Guidance's risk management framework and update the Agencies' expectations regarding customer authentication, layered security, or other controls in the increasingly hostile online environment.
Annual Report to Congress on Breaches of Unsecured Protected Health Information
6 months ago
The Department of Health and Human Services' Office for Civil Rights provided a report to Congress on health information breaches from September 2009 through 2010, as required under the HITECH Act. Nearly 7.9 million Americans were affected by almost 30,800 health information breaches, according to the report.
Change Healthcare Begins to Notify Millions Affected by Hack
6 months ago
IT Services Vendor Is Sending Individual Letters to Victims on a Rolling Basis
Millions of Americans will soon receive a breach notification letter from Change Healthcare, which said on Monday that it has started the process of notifying victims of the massive cyberattack and data theft incident first detected more than five months ago.
Tech Orgs Feel 'Abandoned' as UN Finalizes Cybercrime Treaty
6 months ago
Leading Cybersecurity, Technology Companies 'Gravely Concerned' Over Cyber Treaty
Leading cybersecurity and technology firms in the West feel "abandoned" by the United States and Europe as talks for a United Nations cybercrime treaty near their end. Member nations resumed cybercrime treaty negotiations on Monday in New York.
Learning From CrowdStrike's Outage: Insights From Snyk's CEO
6 months ago
Peter McKay on Improving Developer Practices, Integrating Security and Cutting Risk
Snyk CEO Peter McKay discusses lessons from the recent CrowdStrike outage, emphasizing the importance of robust development practices, effective communication and the integration of quality and security in modern software development. He also highlights Snyk's role in advancing developer security.
GitHub Network Fuels Malware Distribution Operation
6 months ago
Threat Actors Profit From GitHub's Inauthentic Accounts Network
Hackers apparently stymied by improved network detection of malware are turning to fake GitHub repositories to host malicious links and archives embedded with viruses. A threat actor dubbed "Stargazer Goblin" is a step beyond hackers who merely use GitHub repositories to host malicious code.
Cybersecurity Can Be a Businesses Enabler
6 months ago
Andres Andreu Discusses How to Make an Organization Secure - and Successful
To make cybersecurity a business enabler, cybersecurity teams need to focus on opening things up in a secure fashion so that the functionality and productivity of the business can flourish. Hearst's Andres Andreu discusses the areas in which this can be done.
Social Engineering Defense - An Emerging Career
6 months ago
Help Organizations Build Robust Defenses Against Human-Centric Threats
Social engineering, which involves manipulating individuals into sharing confidential data or performing actions that compromise security, is a big threat. As organizations realize the importance of addressing human-centric security risks, the demand for social engineering defense experts will rise.
CrowdStrike Disruption Restoration Is Taking Time
6 months ago
Microsoft's Tool Requires Physical Access, a 'Time-Consuming and Laborious Task'
Microsoft's statement that a faulty CrowdStrike update affected less than 1% of active Windows systems doesn't tell the full story, since large organizations in critical sectors make up a disproportionate part of the user base, as the outages in healthcare, transportation and banking demonstrate.
How to Lead When a Crisis Occurs
6 months ago
Tips on Managing Public Relations in the Face of a Cyber Incident
Cybersecurity incidents are not just technical problems. They are also major public relations challenges. Effective IT and cybersecurity leadership during a crisis can significantly affect your company's reputation, stakeholder trust and overall recovery - and have a big impact on your career.
What Kind of People Do Cybersecurity for a Living?
6 months ago
What kind of people do cybersecurity for a living? In the past, there was a formula potential practitioners followed, but today there are many ways to get into the field and having people from diverse backgrounds is valued. The Curry brothers discuss the cybersecurity profession.
Gaining Better Visibility Into Medical Devices, IoT, OT
6 months ago
The deployment of an asset management platform is helping Main Line Health gain deeper visibility and better security over the 100,000-plus medical devices and IoT gear used throughout the group's multiple hospitals and medical facilities, said CISO Aaron Weismann, who discusses the implementation.
Court's Web Tracker Ruling: What HIPAA Entities Should Know
6 months ago
Healthcare groups should consider several key points about a recent Texas federal court ruling and its impact on the use of online tracker technology on the healthcare websites of HIPAA-regulated organizations, said privacy attorney Iliana Peters of the law firm Polsinelli.
Top 'Privacy by Design' Considerations for Medical Devices
6 months ago
The interconnectedness of medical devices, which generate data that can be distributed to multiple systems that are often managed by different policies, presents privacy concerns that device manufacturers must address, said Adam Hesse, CEO of Full Spectrum.
OnDemand | What’s Missing in Your Identity First Security Strategy?: Lessons from an ISMG Survey
6 months ago
OnDemand | Building Security from Within: Empowering Software Teams for Cyber Resilience
6 months ago
OnDemand | Practical Strategies for Accelerating AI Adoption in Cybersecurity
6 months ago