Worldwide Cybersecurity Spending in 2017 to Exceed $86.4 Billion
Aug17

Worldwide Cybersecurity Spending in 2017 to Exceed $86.4 Billion

Gartner has released a new report predicting worldwide cybersecurity spending in 2017 will reach $86.4 billion. The information security market is now the fastest growing sector and will increase by 7% by the end of 2017. Gartner predicts growth in the sector will be similar in 2018, with spending rising to $93 billion next year. Within the infrastructure protection segment, Gartner says the biggest growth will be in security testing....

Read More
NIST Revises Guidance on Passwords
Aug17

NIST Revises Guidance on Passwords

The National Institute of Standards and Technology (NIST) has issued new guidance on passwords. It is standard practice to make passwords stronger by using a combination of capital letters, lower case letters, numbers and special characters. While that certainly makes it harder for cybercriminals to crack passwords using brute force methods, it also makes passwords particularly difficult to remember. In practice, forcing users to add...

Read More
HITRUST and Trend Micro Partnership to Improve Cyber Threat Xchange Capabilities
Aug15

HITRUST and Trend Micro Partnership to Improve Cyber Threat Xchange Capabilities

The Health Information Trust Alliance (HITRUST) has partnered with Trend Micro to form the HITRUST Cyber Threat Management and Response Center which will enhance the capabilities of the HITRUST Cyber Threat Xchange. The HITRUST Cyber Threat Xchange is the most widely adopted threat information sharing organization serving the healthcare industry. The HITRUST Cyber Threat Xchange provides detailed information on the latest cyber...

Read More
Mid-Year Healthcare Data Breach Report Shows Insiders Pose the Biggest Data Breach Risk
Aug03

Mid-Year Healthcare Data Breach Report Shows Insiders Pose the Biggest Data Breach Risk

Protenus has released its mid-year healthcare data breach report. The Breach Barometer reports chart the data breaches experienced by healthcare organizations each month and include data from the Office for Civil Rights and other verified sources. The mid-year data breach report is a summary of all breaches reported between January and June 2017. The mid-year healthcare data breach report shows that while the number of data breaches...

Read More
47% of Healthcare Orgs Have Had a HIPAA Data Breach in the Past 24 Months
Aug01

47% of Healthcare Orgs Have Had a HIPAA Data Breach in the Past 24 Months

A recent survey conducted by KMPG has revealed that 47% of healthcare organizations have experienced a HIPAA data breach in the past 24 months. The last time the KPMG Cyber Healthcare and Life Sciences Survey was conducted in 2015, 37% of respondents confirmed they had experienced a data breach over the same time period. 70% of respondents said they had experienced at least one security breach due to an unplugged vulnerability being...

Read More
Data Breach Reporting Tool Updated by OCR
Jul25

Data Breach Reporting Tool Updated by OCR

Following the passing of the HITECH Act in 2009, the Department of Health and Human Services’ Office for Civil Rights developed its data breach reporting tool to allow HIPAA-covered entities to easily submit reports of data breaches. A summary of data breach reports is published via the data breach reporting tool and is viewable by the public. The data breach list – which is commonly known as OCR’s Wall of Shame – details all reported...

Read More
Model Patient Request for Health Information Form Issued by AHIMA
Jul25

Model Patient Request for Health Information Form Issued by AHIMA

A model patient request for health information form has been issued by the American Health Information Management Association (AHIMA) that can be used by healthcare providers to give to patients who request copies of their health information. The HIPAA Privacy Rule permits patients to obtain copies of their health data from their providers, although at many hospitals the process is inefficient, lacks transparency and patients are...

Read More
Does GDPR Apply to US Companies?
Jul24

Does GDPR Apply to US Companies?

The General Data Protection Regulation (GDPR) comes into effect in the EU in May 2018, but does GDPR apply to US companies, and if so, how?   What is the General Data Protection Regulation (GDPR)? The General Data Protection Regulation is a new law in the European Union that was approved by the EU Parliament on April 14, 2016. GDPR – Regulation (EU) 2016/679 – will come into effect on May 25, 2018 – the deadline for ensuring...

Read More
Call Issued for Federal Agencies to Adopt DMARC to Prevent Phishing
Jul20

Call Issued for Federal Agencies to Adopt DMARC to Prevent Phishing

Over the past few months there have been several cases of criminals impersonating government departments in phishing campaigns, prompting Sen. Ron Wyden (D-OR) to write to the Department of Homeland Security calling for the use of DMARC to prevent phishing attacks using federal email domains. Phishers are gaining access to real domains used by federal agencies and are sending out phishing emails. The official domains add authenticity...

Read More
Ransomware Investigation Uncovered 15-Month Data Breach
Jul20

Ransomware Investigation Uncovered 15-Month Data Breach

When Peachtree Neurological Clinic was attacked with ransomware all was not lost as data were recoverable from backups; however, the ransomware investigation revealed something far worse. Its systems had been breached 15 months previously. The ransomware incident resulted in the encryption of the provider’s electronic medical records. A ransom demand was issued. Payment was required in exchange for the keys to unlock the encryption....

Read More
HHS Announces Closing Out of Office of the Chief Privacy Officer
Jul17

HHS Announces Closing Out of Office of the Chief Privacy Officer

The Department of Health and Human Services’ Office of the National Coordinator for Health Information Technology (ONC) will be closing out the Office of the Chief Privacy Officer in FY 2018 due to cuts to its budget. The budget cuts are intended to make the ONC more accountable and a much leaner organization. The ONC will have to operate with $22 million less funding in FY 2018, and the Office of the Chief Privacy Officer is one of...

Read More
UK Hospital Cybersecurity Funding to Increase by £21 Million
Jul16

UK Hospital Cybersecurity Funding to Increase by £21 Million

Hospital cybersecurity funding has been increased in the UK in the wake of the recent WannaCry ransomware attacks that crippled parts of the NHS. Health Secretary Jeremy Hunt has pledged a further £21 million ($27 million) will be made available to 27 major trauma centers in the UK to improve their cybersecurity protections. The additional hospital cybersecurity funding is intended to make it harder for hospitals to be attacked with...

Read More
Global Petya Ransomware Attacks involve Modified EternalBlue Exploit
Jun28

Global Petya Ransomware Attacks involve Modified EternalBlue Exploit

Global Petya ransomware attacks are underway with the campaign bearing similar hallmarks to the WannaCry ransomware attacks in May. The attackers are using the a modified EternalBlue exploit that takes advantage of the same SMBv1 vulnerability used in WannaCry. The ransomware variant bears a number of similarities to Petya ransomware, although this appears to be a new variant. Petya ransomware was first discovered last year, with the...

Read More
$115 Million Anthem Data Breach Settlement Agreed
Jun27

$115 Million Anthem Data Breach Settlement Agreed

A $115 million Anthem data breach settlement has been agreed in the consolidated data breach case filed on behalf of the 78.8 million victims of the firm’s 2015 data breach. If the Anthem data breach settlement is approved by the judge presiding over the case it will be a record-breaker – The largest data breach settlement ever reached. That said, the amount each victim will receive will be low. Lawyers will take one third of the...

Read More
Healthcare Data Breach Resolution Costs Fall
Jun26

Healthcare Data Breach Resolution Costs Fall

Healthcare data breach resolution costs are still higher than all other industries, but the latest Ponemon Institute/IBM Security study has shown that for the first time ever, those costs have fallen year-over-year. For seven years, Ponemon/IBM have been conducting their cost of a data breach study, and each year the costs of resolving data breaches has risen. However, this year, average breach resolution costs fell by around 10%. The...

Read More
PhishMe Lands Prestigious 2017 SC Europe Award for its Anti-Phishing Solutions
Jun14

PhishMe Lands Prestigious 2017 SC Europe Award for its Anti-Phishing Solutions

Each year, SC Media hosts a prestigious awards ceremony where the best companies and information security products are recognized and celebrated. The SC Awards are widely regarded as some of the most prestigious awards for companies in the field of information security. Each company and product is scrutinized by two panels of judges which score the companies and products on a wide range of criteria. To be selected as a finalist in one...

Read More
Q2 Saw a 400% Increase in Phishing Attacks on Businesses
Jun13

Q2 Saw a 400% Increase in Phishing Attacks on Businesses

The threat from phishing has been growing steadily over the past few years, but a new report from Mimecast shows the threat is greater than ever before with more phishing attacks on businesses than any other time in history. The report shows there has been a 400% increase in phishing attacks on businesses in Q2, 2017. For the study, Mimecast analyzed the inbound emails of 44,000 business users. That analysis showed cybercriminals are...

Read More
Phishing Trends and Intelligence Report Published by PhishLabs
Jun12

Phishing Trends and Intelligence Report Published by PhishLabs

PhishLabs, a leading provider of phishing defense solutions, has published its Phishing Trends and Intelligence Report for Q1, 2017. The report shows that cybercriminals have changing tactics and targets in the first quarter of 2017, attacking different industries with different methods compared to the previous quarter. PhishLabs CEO Tony Price said, “The first quarter of 2017 shows just how quickly the phishing threat landscape...

Read More
PhishMe Offers Assistance with GDPR Compliance
Jun10

PhishMe Offers Assistance with GDPR Compliance

The General Data Protection Regulation (GDPR) will be written into EU law next year, although companies need to start their GDPR compliance programs now if they are to ensure they are fully compliant before the May 25, 2018 deadline. Any company that is discovered not to be in compliance with the new regulation after that date faces a stiff financial penalty. The maximum fine for non-compliance with GDPR is $20 million Euros or 4% of...

Read More
Pacemaker Cybersecurity Protections Found Lacking
Jun01

Pacemaker Cybersecurity Protections Found Lacking

A recent study has found pacemaker cybersecurity protections not only to be lacking, but woefully inadequate. Many of the devices tested were discovered to contain thousands of software vulnerabilities, many of which could potentially be exploited by cybercriminals to gain access to the devices and their associated systems. Medical device security issues have long been a concern, yet little is being done to address the problems. In...

Read More
New Ironscales Report Delves into Current Phishing Trends
May30

New Ironscales Report Delves into Current Phishing Trends

Ironscales, a leading vendor of anti-phishing solutions, has published a new report on the latest phishing trends. The report shows how phishing tactics have changed, the effectiveness of phishing campaigns and how traditional anti-spam technologies are failing to block spear phishing attacks. The report – titled ‘How Modern Email Phishing Attacks Have Organizations on the Hook’ – was the result of a study of 8,500 verified...

Read More
Windows 7 Computers Worse Hit by WannaCry Ransomware
May23

Windows 7 Computers Worse Hit by WannaCry Ransomware

The WannaCry ransomware attacks are understood to have resulted in data being encrypted on around 300,000 computers in 150 countries. The attackers took advantage of unpatched software, exploiting a vulnerability in Microsoft Server Message Block 1.0 (SMBv1) using the EternalBlue exploit stolen from the NSA and published online by the hacking group Shadow Brokers. While a patch had been released by Microsoft to fix the vulnerability...

Read More
Wanna Decryptor Ransomware Encrypts Data on Medical Devices
May18

Wanna Decryptor Ransomware Encrypts Data on Medical Devices

Friday’s Wanna Decryptor ransomware campaign badly affected NHS hospitals in the United Kingdom, with 40 hospitals spread across at least 24 Trusts confirming they were affected and had data encrypted. However, some media reports claim as many as 48 of the 248 Trusts in the UK were impacted by the attack to some degree. Wanna Decryptor (WannaCry/WannaCrypt) attacks rapidly spread across the globe, with an estimated 200,000 victims...

Read More
WannaCry Ransomware Campaign Thwarted
May15

WannaCry Ransomware Campaign Thwarted

The WannaCry ransomware campaign that saw 61 NHS Trusts in the UK attacked has been stopped thanks to the actions of a UK security blogger and malware researcher. The individual, who wishes to remain anonymous, found a kill switch for the ransomware that prevented it from encrypting files. The WannaCry ransomware campaign was launched on Friday May 12, 2017, with infections occurring at lightning speed. In contrast to many ransomware...

Read More
NIST Small Business Cybersecurity Act of 2017 Approved by House Committee
May08

NIST Small Business Cybersecurity Act of 2017 Approved by House Committee

The NIST Small Business Cybersecurity Act of 2017 has been approved by the U.S. House Committee on Science, Space, and Technology. The new act requires the National Institute for Standards and Technology to issue new cybersecurity guidance for small businesses to help them manage cybersecurity risk. Cyberattacks on small businesses are now commonplace with cybercriminals often targeting small businesses. Smaller businesses may not...

Read More
Webroot Antivirus Update Problems Mount: Servers, PCs and Apps Crippled
Apr25

Webroot Antivirus Update Problems Mount: Servers, PCs and Apps Crippled

Webroot antivirus update problems are mounting with many thousands of the company’s customers experiencing severe issues after installing an April 24 update. Customers who had their computers running between 7PM and 9PM UTC on April 24 and had their AV set to update automatically had the update applied. While the update should have simply loaded the latest malware signatures, hundreds of critical files were accidentally marked as...

Read More
Employee Security Awareness is the Biggest Healthcare Data Security Threat
Apr20

Employee Security Awareness is the Biggest Healthcare Data Security Threat

Hackers continue to target healthcare organizations, malware is a constant threat, and ransomware continues to pose many problems, but when it comes to the biggest healthcare data security threats, employee security awareness has topped the table. HIMSS Analytics recently asked 125 healthcare IT leaders and IT professionals about their biggest concerns, and top spot when it came to data security threats was a lack of employee security...

Read More
March Sees Increase in Healthcare Data Breaches and Victim Count
Apr18

March Sees Increase in Healthcare Data Breaches and Victim Count

This year has seen healthcare data breaches remain steady for the first couple of months, although March saw the number of incidents rise and the severity of those incidents also increase. In January and February, 31 incidents occurred each month. In March, there were 39 reported incidents, according to the latest Breach Barometer healthcare data breach report from Protenus. The number of records exposed or stolen in those attacks...

Read More
Companies Wasting Money on Unused Cloud Capacity
Apr13

Companies Wasting Money on Unused Cloud Capacity

There are many benefits to switching to cloud computing, although one of the most important reasons for switching to the cloud is to save money. The cloud allows companies to avoid paying for expensive on-premise hardware. Purchasing servers requires a high capital expenditure, which can be avoided by using the cloud. More hardware also needs to be purchased than is actually necessary to make sure there is sufficient capacity to cope...

Read More
Philadelphia Ransomware Used in Targeted Attacks on US Hospitals
Apr11

Philadelphia Ransomware Used in Targeted Attacks on US Hospitals

Cybercriminals are conducting targeted attacks on U.S. healthcare organizations using Philadelphia ransomware; a relatively new ransomware variant developed from Stampedo ransomware. Philadelphia ransomware was first seen in September 2016, although recently, a new campaign has been detected that has already seen two U.S hospitals have sensitive files encrypted. The actors behind the latest attacks are targeting physicians using spear...

Read More