Security Breaches January 25, 2025 190 Million Healthcare Records Compromised in Change Healthcare Cyberattack The Change Healthcare cyberattack has caused massive disruption to healthcare services in the United States, including huge financial hardship for healthcare providers due to a ... Read more
Insights July 15, 2024 HIPAA Email Encryption Requirements The HIPAA email encryption requirements are that, when emails contain electronic Protected Health Information (ePHI), the emails must be encrypted to a minimum standard unless ... Read more
Compliance June 26, 2024 ComplianceJunction HIPAA Training Course Receives AHIMA Approval The Health Insurance Portability and Accountability Act (HIPAA) applies to healthcare providers health plans, healthcare clearinghouses, and their business associates. HIPAA has important privacy and ... Read more
Tools & Practices March 25, 2024 CISA and NSA Issue Guidance Sheets on Best Practices for Cloud Security The U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the National Security Agency (NSA) have jointly issued a series of five cybersecurity information sheets following ... Read more
Cyber Threats February 20, 2024 LockBit Ransomware Operation Disrupted by Law Enforcement; Decryptor Released The world’s most harmful cybercrime group – LockBit – has had its infrastructure seized in a global law enforcement operation. Law enforcement agencies from 10 ... Read more
Compliance February 14, 2024 Half the Population of France Affected by Data Breaches at Healthcare Payment Processors The French Data Protection Agency, CNIL, is investigating two data breaches at healthcare payment processors that have affected around 33 million individuals –almost half the ... Read more
Compliance February 14, 2024 February 2024 Patch Tuesday: Microsoft Patches 73 Flaws; 2 0Days Microsoft has released patches to fix 73 flaws across its product suite on February 2024 Patch Tuesday, including 2 zero-day bugs that are being actively ... Read more
Cyber Threats February 9, 2024 Critical FortiOS SSL VPN Vulnerability Likely Being Exploited in Attacks Fortinet has disclosed a new critical flaw in the FortiOS SSL VPN which is most likely already being exploited in the wild. The out-of-bounds write ... Read more
Security Breaches February 8, 2024 PRC Hackers Inside U.S. Critical Infrastructure Systems in Preparation for Devastating Cyberattacks The Cybersecurity and Infrastructure Security Agency (CISA), the National Security Agency (NSA), and the Federal Bureau of Investigation (FBI) have issued an alert to all ... Read more
Cyber Threats February 6, 2024 Ivanti Connect Secure and Policy Secure Vulnerability Under Mass Exploitation A zero day vulnerability affecting Ivanti Connect Secure and Ivanti Policy Secure that was disclosed by Ivanti on January 31, 2023, is now under mass ... Read more
Security Breaches February 5, 2024 AnyDesk Confirms Cyberattack and Breach of Production Environment AnyDesk, one of the most popular remote desktop software providers with more than 170,000 customers globally, has recently confirmed it fell victim to a cyberattack. ... Read more
Trends & Reports January 29, 2024 Is Intuit QuickBooks HIPAA Compliant? Intuit QuickBooks is not HIPAA compliant unless the downloadable version of the software is deployed in a HIPAA compliant hosting service that prevents Intuit from ... Read more
Security Breaches January 23, 2024 The Mother of All Breaches: Exposed Database Contains 26 Billion Records Cybersecurity researcher Bob Diachenko of Security Discovery and the team at CyberNews have uncovered what is thought to be the largest-ever collection of stolen data, ... Read more
Cyber Threats January 23, 2024 74% of Organizations Punish Employees for Phishing Failures Many cybersecurity threats keep cybersecurity professionals awake at night but phishing attacks top of the list. According to a recent survey of cybersecurity professionals by ... Read more
Cyber Threats January 16, 2024 Mass Exploitation of Ivanti VPN and NAC Zero-Day Vulnerabilities Detected On January 10, 2024, Ivanti disclosed two zero day vulnerabilities in Ivanti Connect Secure VPN and Policy Secure NAC appliances that have been actively exploited ... Read more
Compliance January 8, 2024 Popular Password Manager Starts Enforcing 12-Character Master Passwords While there are different schools of thought on password complexity, security experts agree that when it comes to making passwords difficult to guess, the longer ... Read more
Cyber Threats January 3, 2024 Black Basta Ransomware Decryptor Developed Researchers at Security Research (SR) Labs have recently announced that they identified a weakness in the encryption algorithm used by Black Basta ransomware which can ... Read more
Tools & Practices December 21, 2023 Ivanti Patches 13 Critical Avalanche Mobile Device Management Vulnerabilities Ivanti has released 22 patches to fix vulnerabilities in the Avalanche mobile device management solution, 13 of which are rated critical. Ivanti Avalanche is an enterprise ... Read more
Cyber Threats December 21, 2023 Google Patches Actively Exploited Zero-Day Bug in Chrome A high-severity zero day vulnerability in the Google Chrome browser is being actively exploited in the wild. The vulnerability is tracked as CVE-2023-7024 and is ... Read more
Tools & Practices December 20, 2023 FBI Seizes BlackCat Infrastructure – ALPHV Responds by Removing Restrictions for Affiliates An international law enforcement operation has successfully disrupted the APHV/Blackcat ransomware operation. The Federal Bureau of Investigation (FBI) was able to gain access to the ... Read more
Tools & Practices December 13, 2023 Microsoft Patches 34 Vulnerabilities and One 0Day on December Patch Tuesday December 2023 Patch Tuesday was light on fixes for vulnerabilities, with patches released for just 34 CVEs, including one zero-day vulnerability. The 34 vulnerabilities include ... Read more
Security Breaches December 5, 2023 23andMe Confirms Hacker Stole Data of 6.9 Million Users On Friday, the direct-to-consumer genetic testing company, 23andMe, confirmed that hackers gained access to the personal information of approximately 6.9 million customers in an October ... Read more
Compliance November 29, 2023 Ardent Health System Ransomware Attack Affects Hospitals in Multiple States A U.S. healthcare provider that operates hospitals in 6 states suffered a ransomware attack that has caused outages at several of its hospitals. Ardent Health ... Read more
Cyber Threats November 28, 2023 Max Severity OwnCloud Flaw Actively Exploited in the Wild A critical vulnerability in OwnCloud, a popular open-source self-hosted file synchronization and sharing solution, has started to be exploited by cyber actors. The vulnerability affects ... Read more
Compliance November 21, 2023 COO of Cybersecurity Company Pleads Guilty to Attack on Georgia Hospitals to Drum up Business The former chief operating officer (COO) of a cybersecurity firm who hacked two hospitals in an attempt to win business has changed his plea to ... Read more
Tools & Practices November 20, 2023 CISA Publishes Healthcare Cybersecurity Mitigation Guide In New York state, the healthcare industry was the most targeted critical infrastructure sector in 2022 and attacks in the first half of 2023 have ... Read more
Tools & Practices November 15, 2023 Microsoft Patches 5 Zero-Days on November 2023 Patch Tuesday On November 2023 Patch Tuesday, Microsoft released patches to fix 63 vulnerabilities across its product suite, including 5 zero-day flaws, 3 of which are known ... Read more
Cyber Threats November 14, 2023 Feds Warn of Potential Rebrand of Royal Ransomware Group A joint Cybersecurity Advisory> has been issued by the Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) that includes updated ... Read more
Compliance November 7, 2023 American Hospital Association Files Lawsuit Against HHS Over Tracking Technology Guidance In December 2022, the U.S. Department of Health and Human Services’ Office for Civil Rights (OCR) issued guidance for entities regulated by the Health Insurance ... Read more
Cyber Threats November 7, 2023 Critical Atlassian Confluence Data Center and Server Vulnerability Exploited by Ransomware Gangs On October 31, 2023, Atlassian issued a security advisory about a critical vulnerability that affected all versions of Confluence Data Center and Server. The improper ... Read more
