NIST Small Business Cybersecurity Act of 2017 Approved by House Committee
The NIST Small Business Cybersecurity Act of 2017 has been approved by the U.S. House Committee on Science, Space, and Technology. The new act requires the National Institute for Standards and Technology to issue new cybersecurity guidance for small businesses to help them manage cybersecurity risk. Cyberattacks on small businesses are now commonplace with cybercriminals often targeting small businesses. Smaller businesses may not...
74% of Organizations Vulnerable to Insider Threats
Spending on cybersecurity defenses has increased to reduce the risk of attacks by cybercriminals, yet organizations still feel vulnerable to insider threats. Furthermore, insider threats have increased in the past 12 months, according to a recent survey conducted on U.S. IT security professionals. 508 IT security professionals were surveyed by LinkedIn’s Information Security Community and Crowd Research Partners in a study conducted...
February Patch Tuesday Delayed as Microsoft Fixes Last Minute Issues
The Valentine’s Day update from Microsoft did not arrive yesterday as planned. February Patch Tuesday will be coming, just a little later than usual. The decision to bundle together updates means that if urgent flaws are not fixed in time, they would have to wait until the following month to be fixed. In this case, Microsoft has chosen to delay its monthly round of patches to make sure some serious issues are addressed and included in...
HITRUST Threat Catalogue Helps Healthcare Industry Prioritize Cybersecurity Threats
The HITRUST Alliance has announced that the organization will be releasing the HITRUST Threat Catalogue in March: A new resource to help healthcare organizations improve security by aligning the wide range of current cybersecurity threats and risk factors with its Common Security Framework. The Health Insurance Portability and Accountability Act (HIPAA) requires all covered entities to conduct a risk assessment to identify the...
Reputation Loss of More Concern than a Data Breach
Data breaches are a constant worry for most organizations, although a new study from the Ponemon Institute has shown that while the theft of data is a concern, it is the fallout from poor risk management that is the biggest worry. The biggest fear is not loss of data but loss of reputation. The study, which was sponsored by RiskVision, was conducted on 641 professionals involved in risk management at their respective organizations....
Global Cybercrime Costs Will Top $6 Trillion in 5 Years
A recent report published by Cybersecurity Ventures suggests global cybercrime costs will double over the next five years. Global cybercrime costs in 2015 are estimated to have reached $3 trillion. The damage inflicted by cybercriminals has been predicted to top $6 trillion by 2021. The managed security services provider (MSSP) and advisory firm calculated the damages from theft of intellectual property and data, financial fraud,...
Final Cybersecurity Guidance on Medical Devices Issued by FDA
Final cybersecurity guidance on medical devices has been issued by the U.S. Food and Drug Administration (FDA). The 30-page document augments previous guidance published by the FDA in 2014 and is intended to help manufacturers of medical devices implement policies, procedures, and controls to secure postmarket devices. Previous guidance has covered security controls and policies that should be implemented to ensure medical devices are...
Microsoft Admits Its Windows 10 Update Policy Was Too Aggressive
The aggressive tactics used by Microsoft to push its Windows 10 upgrade annoyed many users. Many Windows users felt they were being bombarded with communications telling them to upgrade for security recommendations. The frequency with which dialog boxes popped up on screens and the inability to remove or prevent notifications from appearing angered many Windows 7 and Windows 8 users. During a weekly podcast, Chris Capossela, Microsoft’s...
63% Increase in Healthcare Data Breaches in 2016
There has been a 63% increase in major healthcare data breaches in 2016, according to the 2016 Healthcare Cyber Breach Report from cybersecurity firm TrapX. The report, which covers healthcare data breaches in 2016 from January 1 to December 12, shows that while the total number of healthcare records exposed in 2016 was considerably lower than last year, the number of incidents increased substantially. In 2015, 111,812,172 records...
Samsa Ransomware Nets Criminals at Least $450,000 in a Year
The cybercriminals who have been infecting consumers and businesses with the ransomware variant SamSa have reportedly extorted $450,000 from businesses and consumers over the past 12 months, according to a recent report from Palo Alto Networks Unit 42 team. Researchers were able to calculate the cybercriminals’ minimum earnings by monitoring the Bitcoin Wallet addresses used by the attackers. Palo Alto Networks was able to see...
70% of Businesses Infected With Ransomware Pay Up
A recent study conducted on behalf of IBM Security has clearly demonstrated why ransomware has proved so popular with cybercriminals. Out of 600 businesses that were surveyed, almost half reported having experienced a ransomware attack. Out of those that had, 70% paid the attackers to supply keys to unlock the encryption. Ransom demands are typically around $700 per infected device, although the amounts charged can vary considerably....
Windows 8 and 10 Update Knocks Users Offline?
Internet Service Providers in the UK and Belgium have been flooded with calls from disgruntled customers who have been prevented from accessing the Internet over the weekend. The problem has been attributed to a flawed update that was automatically installed by Microsoft. The problems started last week with customers of ISPs BT, Plusnet, and TalkTalk experiencing intermittent Internet access, while Sky and Virgin Media customers also...
323,000 New Malware Samples Being Discovered Every Day
According to the latest figures from Kaspersky Lab, there are now more than 323,000 new malware samples being released every day: An increase of 13,000 per day compared to last year and 253,000 more malicious files per day than in 2011. Kaspersky Lab’s cloud database now contains the signatures for more than 1 billion forms of malware. The massive rise in new forms of malware is due to more sophisticated means of creating new malware....
Insider Breach Threat Main Concern of Half of IT Professionals
Almost half of IT professionals believe the insider breach threat is more of a concern than the threat posed by hackers. Hackers may pose a major risk to data security, but it is the insider breach threat that is most difficult to deal with. IT security solutions can be purchased to secure the network perimeter, but protecting data from internal attacks and accidental breaches is a major challenge. 49% of IT professionals that...
What are the Highest Risk IoT Devices for Enterprises?
Internet-connected devices can introduce considerable security risks, but what are the highest risk IoT devices for enterprises? According to a new report from cloud-based information security company Zscaler, the highest risk IoT devices for enterprises are surveillance cameras – devices that are purchased and installed to decrease risk. Unfortunately, while surveillance cameras can be used to reduce the risk of theft of equipment,...
Research Suggests Increased Enterprise Security Risk from IT Decentralization
A recent VMWare sponsored study conducted by Vanson Bourne suggests enterprises face an increased security risk from IT decentralization and IT professionals are not ready to deal with the security challenges that come from moving their IT infrastructure to the cloud. Vanson Bourne conducted the study on 3,300 individuals in 20 industries from 20 countries. Respondents were asked about IT decentralization and use of the cloud...
70% of IT Pros are Concerned about Cloud Security Risks
More organizations are now taking advantage of the benefits of the cloud, yet 70% of IT professionals are concerned about cloud security risks, according to the second global Cloud Security Survey from Netwrix Corp. The biggest concern is the potential for sensitive data to be accessed by employees of cloud service providers and third parties. 69% of respondents said unauthorized access was their biggest concern. Malware was also...
Can Antivirus Software Prevent Ransomware Attacks?
Can antivirus software prevent ransomware attacks? It’s possible, but extremely unlikely according to a recent survey conducted by Barkly. The survey showed that out of the companies polled, 100% of organizations that had experienced a ransomware attack in the past 12 months said they had AV software but it did not prevent ransomware from locking up files. Companies were also asked about some of the other protections they had in place...
IT Security Spending to Increase by 9% by 2018
The cybersecurity market is expected to continue to experience strong growth as organizations increase their IT security spending to tackle the growing number of cybersecurity threats. As cyberattacks become increasingly sophisticated and more varied, organizations need to purchase new security products and commit more resources to keeping their networks and data secure. According to a new report from BCC Research, IT security...
SSL-Based DDoS Attacks ‘Trend of Q3’, says Kaspersky Lab
According to the latest threat intelligence report from Kaspersky Lab, cybercrime-as-a-service has proliferated in recent months and the cybercrime trend of the quarter is SSL-based DDoS attacks. Ransomware may still be a major issue, but the biggest threat facing businesses is SSL-based DDoS attacks. This is backed up by the 2016 Internet Organized Crime Threat Assessment (IOCTA) from Europol. The Europol report contains a stark...
Beazley Data Breach Insights Report Highlights Extent of Ransomware Problem
The Beazley Data Breach Insights Report is an annual publication summarizing the data breaches experienced by the company’s clients in the first nine months of the year. This year’s report shows there has been a 65% increase in data breaches in 2016, rising from 931 data breaches in 2015 to 1,437 breaches in 2016. Ransomware attacks have also increased significantly. There were 43 known attacks in 2015, whereas in 2016 the total has...
Hacktivist Indicted for Hospital DDoS Attacks
DDoS attacks rarely result in prosecution; however, this week the hacktivist allegedly behind a series of major hospital DDoS attacks in 2014 has been indicted on charges of conspiracy and intent to cause damage to a protected computer. If convicted of the hospital DDoS attacks, the hacktivist faces up to 15 years in jail. Martin Gottesfeld from Somerville, Mass., is alleged to have been involved in a series of DDoS attacks on Boston...
St. Jude Medical Faces New Allegations of Medical Device Vulnerabilities
In August, Muddy Waters published a report that alleged certain St. Jude Medical devices were susceptible to cyberattacks that placed the safety of patients at risk. Muddy Waters placed a short-selling bet on St. Jude Medical stock after being supplied with details of security vulnerabilities from research firm MedSec. St. Jude Medical has denied that the vulnerabilities exist, while a team of researchers from the University of...
Lack of Skilled CyberSecurity Experts Hampering Breach Response
The nation faces a serious shortage of skilled cybersecurity professionals and the lack of skilled staff is making it hard for organizations to prevent cyber-attacks and is seriously hampering many organizations’ breach response efforts. There is considerable demand for skilled cybersecurity professionals; however, a shortage of suitable applicants leaves many positions unfilled. A recent survey conducted by Dimensional Research on...
Fall in Price of Health Data Likely to Mean Healthcare Cyberattacks
Supply of healthcare data is outstripping demand, which has led to a drop in the price of health data on the darknet, according to studies conducted by the World Privacy Forum and the Institute for Critical Infrastructure Technology. The research suggests the average price of a full set of health records was between $75 and $100 per set last year. The price has now fallen to between $20 and $50 per set of records, which means a sizable...
St. Jude Medical Forms Advisory Board to Improve Device Security
St. Jude Medical, a medical device manufacturer that was recently accused of allowing security vulnerabilities to persist that placed device users at risk from cyberattacks, has announced that further steps are being taken to ensure that cyber security risks are addressed. The company has taken the decision to form a new Cyber Security Medical Advisory Board (CSMAB) which will work with industry experts and government agencies to...
59% of Organizations Use Multi-Factor Authentication to Secure Assets
A recent survey conducted by the access management company SecureAuth has shown the use of multi-factor authentication to secure data is increasing in popularity, although passwords still appear to be favored by the majority of organizations. Passwords are not secure. They can be guessed or cracked using brute force attacks. End users also find it difficult to remember passwords and many still use simplistic passwords to secure their...
Confidence in Data Breach Preparedness Found to be Lacking
According to a recent study conducted by the Ponemon Institute, the vast majority of companies now have a data breach response plan in place, yet most of the IT professionals surveyed lacked confidence in their company’s data breach preparedness plans. Only 42% of respondents to the Experian-sponsored survey said their breach response plans were effective or very effective. 31% lacked confidence in their company’s ability to deal with...
Chinese Firm Blamed for Massive DDoS Attacks
Last month, the first recorded 1-Terabyte Distributed Denial of Service (DDoS) attack was recorded. The attack involved a massive botnet called Mirai, which consisted of hundreds of thousands of IoT devices, mostly security cameras and DVRs. The rapid growth of the Mirai botnet has occurred due to a lack of security controls in a range of IoT devices. Many Internet enabled devices contain default usernames and passwords which can be...
New Survey Shows Insider Data Breaches Increasing
According to a new report from cloud security software vendor Bitglass, insider data breaches have increased over the course of the past year. While malicious attacks are on the rise, the majority of insider data breaches are due to carelessness by employees. For the report, Bitglass surveyed 500 IT professionals and asked questions on insider threats to data security. 56% reported that insider leaks had increased in the past year and...
Less Than Half of IT Professionals Securely Wipe Hard Drives and Delete Data
A recent survey conducted by Blancco Technology Group has revealed that fewer than half of IT professionals securely wipe hard drives and delete data. The failure to ensure sensitive data is permanently erased could result in corporate secrets or sensitive information being obtained by criminals and competitors. For the study, Blancco surveyed more than 400 IT security professionals. Questions were asked about the methods used to...
IoT Security Breaches Are Easily Avoidable, Says Online Trust Alliance
Many IT security professionals are concerned about IoT security breaches and with good reason. Wearable devices in particular pose a big security risk. Many industry professionals believe IoT security breaches are difficult to prevent. However, according to the Online Trust Alliance, while security issues exist with IoT devices, the problem is not insurmountable. In fact, the majority of IoT breaches could have been prevented. The...
St. Jude Medical Sues Muddy Waters for Disseminating False Information
The “revelation” that St. Jude Medical devices contain serious security flaws that could potentially be exploited by hackers to cause harm to patients has certainly ruffled a few feathers. Late last month, MedSec Holdings Inc. provided detailed information to short-selling firm Muddy Waters about alleged security flaws in certain St. Jude defibrillators, pacemakers, and monitoring devices. The controversial move by MedSec has been...
FTC Fall Technology Series Explores the Ransomware Threat
A panel discussion at the Federal Trade Commission Fall Technology Series in Washington DC extensively covered the ransomware problem: One of the biggest cybersecurity threats ever faced by organizations and consumers. Over the last year, ransomware has grown to become a major threat to businesses. An increasing number of individuals are using crypto-ransomware to extort money out of companies. According to figures from the Justice...
Health and Fitness App Privacy Policies Often Absent, says Think Tank
One would assume that health and fitness app privacy policies would be more important than many other types of app, given the types of data they collect. However, according to a recent study performed by Washington DC think tank, The Future of Privacy, health and fitness app privacy policies are often nowhere to be seen. Only 60% of the apps assessed for the study actually had privacy policies compared to 76% of general apps. The...
Information Security Spending in 2016 to Exceed $80 Billion
Information security spending in 2016 will smash previous records. A new report from Gartner Inc., indicates global information security spending in 2016 will reach $81.6 billion. That represents an increase of 7.9% from 2015. At present, organizations are committing the most funds to consulting and IT outsourcing according to the report. Over the next four years the biggest growth areas are expected to be security testing and data...
Why the Visual Hacking Threat Should Not Be Ignored
The visual hacking threat should not be ignored. Visual hacking is easy to pull off and in the majority of cases attempts to steal data are successful, according to a new study released by the Ponemon Institute. Furthermore, low-tech threats such as visual hacking are under-addressed in many organizations. What is Visual Hacking? Visual hacking is the term used for capturing and stealing sensitive data by visual means. The attacks are...
Organizations Unprepared for Next Generation of Ransomware, Says Cisco
Cisco has recently published its 2016 Midyear Cybersecurity Report which suggests many organizations are simply not equipped to deal with the next generation of ransomware. The use of ransomware by cybercriminals has increased significantly in recent months, with many new and sophisticated variants already having been released. Locky and CryptXXX currently pose the biggest threat to organizations. Locky is delivered via malicious email...
ONC: Healthcare Information Sharing and Analysis Organization to Receive $250K
Karen B. DeSalvo, National Coordinator for Health Information Technology of the Office of the National Coordinator for Health Information Technology, has announced that two new funding opportunities now exist for a healthcare Information Sharing and Analysis Organization (ISAO) for the Healthcare and Public Health sector. Cyberattacks on the healthcare industry have increased significantly in recent months as criminals attempt to gain...
Shade Ransomware Botnet Taken Down
The Shade Ransomware botnet has been taken down and new ransomware decryption tools have now been released to help victims recover their files. The takedown was a joint effort by Intel Security, Kaspersky Lab, Europol, and the National High Tech Crime Unit (NHTCU) of the Dutch police. Shade ransomware first appeared in 2014 and has been primarily used to infect individuals in Eastern and Central Europe. Shade ransomware was delivered...
New Ransomware Prevention Initiative Launched by Europol
Intel Security is leading a new ransomware prevention initiative which has the dual purpose of educating individuals on the danger of ransomware in an effort to prevent infections, and also helping victims who have had their files locked by ransomware. The ransomware prevention initiative involves a collaboration between Intel Security, Kaspersky Lab, Europol, and the Dutch Police (Politie). The risk from ransomware is growing at an...
Firefox will be Blocking Invisible Flash Content from August 2016
Firefox has announced that it will be blocking invisible Flash content from August 2016. The move has been prompted by the risk that Flash content poses to Firefox users. The update will also help to reduce Firefox browser crashes and should improve battery life on laptop computers. Blocking Invisible Flash Content Will Improve the User Experience Flash has been depreciating for some time, as web developers switch to alternative...
Cerber Ransomware C&C Shut Down
A command and control server used for a recent ransomware campaign has been shut down. The Cerber ransomware C&C was used as part of a campaign involving malicious Word macros, similar to many ransomware campaigns discovered this year. FireEye discovered the campaign and moved quickly to limit the damage caused. Within hours of discovering the Cerber ransomware C&C it was shut down by the Computer Emergency Response Teams in...
U.S. Government Looking to Recruit 3,500 More Cybersecurity Professionals in 2016
The U.S. government is currently trying to deal with increasingly sophisticated and persistent cybersecurity threats. Attacks are coming from all angles: Individuals, criminal gangs, hacktivists, and nation-state sponsored hackers are all targeting government agencies. In order to deal with the growing number of threats the U.S. government needs to bring in new talent. A recent memo sent to the heads of executive departments and...
Hackers Use Conficker to Conduct Hospital IOT Attacks
Hospital IOT attacks are not just theoretical. Hackers are actively targeting medical devices such as MRI machines, CT scanners, and other Internet-connected medical devices. The attackers are attempting to gain access to the devices in order to steal the protected health information of patients, as well as to establish a foothold in healthcare networks. Medical devices seldom have the same level of protection as PCs and servers....
Ponemon Institute Reports Increase in the Use of Enterprise File Encryption Software
The use of enterprise file encryption software has increased significantly in the past 12 months according to a new study conducted by the Ponemon Institute. The study was conducted on 5,009 respondents from companies in the world’s top 11 economies. A range of industries were represented in the study. According to the Thales e-Security-sponsored study, 41% of companies are now using enterprise file encryption software, compared to...
Improved Threat Intelligence Sharing Required to Tackle Ransomware Threat
A recent Health Information Trust Alliance (HITRUST) pilot project indicates the sharing of threat intelligence by healthcare organizations is an important way of reducing cybersecurity risk. The pilot shows that by sharing “timely, consumable, [and] actionable” threat information to a wide audience, a valuable resource can be created that can be used to defend the entire healthcare ecosystem from cyberattacks. In a recent press...
2016 Ponemon Cost of Data Breach Study Published
The 2016 Ponemon Cost of Data Breach Study shows that healthcare data breaches cost the most to resolve, and breaches in the United States cost significantly more than those in other countries. This is the 11th consecutive year that the IBM-sponsored study has been published. The cost of a data breach continues to rise, with the average breach resolution costs now having reached $4 million. Last year, the average cost of a data breach...
Majority of Organizations Unsure of Ability to Protect Data After a Breach
A recent study conducted by security firm Gemalto has revealed that a majority of companies are not confident of their ability to prevent data from being stolen, altered, or deleted if their security perimeter is breached. While most organizations – 61% – were confident of the defenses they had applied to keep their perimeter secure, in the event that hackers broke through those defenses, 69% of companies thought data would...
NIST Cybersecurity Framework Update
The National Institutes of Standards and Technology (NIST) has announced that there will be a minor NIST Cybersecurity Framework update in early 2017. NIST sought suggestions from industry stakeholders over a period of two years since the NIST Cybersecurity framework was published. NIST issued a request for information (RFI) in December 2015 and received over 100 responses on best practices, Framework use, and suggestions for long...
Ransomware Attacks on US Businesses Soar
This year has seen an unprecedented number of ransomware attacks on US businesses. Healthcare providers have also been targeted, with medical services heavily disrupted as a result of ransomware infections. A recent report issued by Infoblox has confirmed the extent of the current ransomware epidemic and how much of a risk the malicious file-encrypting software poses for businesses. In the first quarter of the year alone, the number...
New CHIME Cybersecurity Center Tasked with Improving Healthcare Cybersecurity
The College of Healthcare Information Executives (CHIME) has announced it has created a new Cybersecurity Center and Program Office to assist healthcare organizations in the fight against cybercrime. The new office will be tasked with developing and sharing cybersecurity best practices, encouraging the sharing of threat information, and will be encouraging healthcare organizations to improve collaboration with each other and federal...
Final Precision Medicine Initiative Security Framework Released
The White House has released the final Precision Medicine Initiative security framework, which should be used by participating institutions to achieve the principles laid down in the Obama Administration’s Precision Medicine Initiative. The precision medicine initiative security framework contains a set of risk management guidelines which can be used to protect sensitive data and preserve data integrity. The 10-page framework may not...
Stronger Ransomware Protection for Hospitals Needed, says CHIME, AEHIS
The College of Healthcare Information Management Executives (CHIME) and the Association for Executives in Healthcare Information Security (AEHIS) have issued a joint statement calling for stronger protections to be implemented by hospitals in light of the growing ransomware threat. At a hearing titled “Ransomware: Understanding the Threat and Exploring Solutions,” both organizations agreed that stronger hospital legislation is needed...
Ponemon Publishes Report on Privacy and Security of Health Data
The Ponemon Institute has released its annual report on the state of privacy and security of health data and found that for the second year running, cybercriminals are the main cause of healthcare data breaches. This is the sixth year that the Ponemon Institute has compiled its privacy and security of health data report and the data show that cybercriminal attacks are increasing steadily. When the first report was published six years...
IBM Announces Plans for Watson for Cyber Security Platform
A cloud-based version of Watson’s cognitive computing technology will soon be used to process threat intelligence and provide insights on the latest cybersecurity threats. IBM has announced that the Watson for Cyber Security platform will be launched in the fall. The Watson for Cyber Security platform will be a year-long cybersecurity project, which will process around 15,000 security documents every month and will be programmed...
New Bill Introduced to Improve HHS Cybersecurity
A new healthcare cybersecurity bill has been introduced by members of Congress which aims to improve cybersecurity at the Department of Health and Human Services (HHS). The bill was introduced by two House Energy and Commerce Committee members: Rep. Billy Long (R-MO) and Rep. Doris Matsui (D-CA). The Committee had previously conducted an investigation to determine how cybersecurity could be improved at the HHS. The new legislation...
OIG Discovers 129 Medicare Healthcare Data Security Gaps
The Department of Health and Human Services’ Office of Inspector General has recently published its annual review of the health IT security programs of Medicare Administrative contractors (MACs). A MAC is a private health care insurer that has been contracted by the Centers for Medicare and Medicaid Services (CMS) to process Medicare Fee-For-Service beneficiary Medicare Part A/Part B (A/B) claims and/or Durable Medical Equipment (DME)...
Majority of Health IT Security Execs Have Increased Spending on Data Protection
A recent study conducted by data security firm Vormetric indicates 60% of healthcare IT security executives have increased their data protection budgets. New data security tools will be implemented by 46% of respondents to ensure their organizations are able to catch up with healthcare industry best practices. For the study, Vormetric polled 1,100 senior healthcare IT security executives. Virtually all respondents – 96% – said...
The Hidden Cost of Pagers in Healthcare
Numerous studies have been conducted on the cost of HIPAA-compliant alternatives to the pager, yet little research has actually been conducted on the actual cost of pagers in healthcare. Pager use is in steep decline. Pager services are being dropped by telecoms companies due to the lack of demand. Most industries have retired pagers long ago and have switched to smartphones. However, the healthcare industry lags behind. Pagers are...
NIST Cybersecurity Framework and HIPAA Security Rule Crosswalk Issued
The Department of Health and Human Services’ Office for Civil Rights has issued a crosswalk between the NIST Cybersecurity Framework and HIPAA Security Rule to help covered entities assess whether there are any gaps in their compliance programs. NIST Cybersecurity Framework and HIPAA Security Rule Crosswalk Issued By OCR The crosswalk between the NIST Cybersecurity Framework and HIPAA Security Rule was developed in conjunction with...
Healthcare Data Breach Litigation Case Has Standing Based on Data Exposure Alone
Healthcare data breach litigation usually requires plaintiffs to provide evidence that a breach of their Protected Health Information (PHI) has resulted in them coming to harm or suffering loss or injury as a result of the exposure of their data. At the very least, breach victims must be able to demonstrate that their PHI has at least been viewed by an unauthorized individual, and that the exposure of their PHI has placed them at an...
St. Louis Cardinals Hacking Scandal: Former Scouting Director Pleads Guilty
There has been a new twist in the St. Louis Cardinals hacking scandal – a former scouting director has recently pleaded guilty to accessing Houston Astros player data and other sensitive information without authorization. Players’ medical data was accessed and used to gain a competitive advantage. The data were accessed over a period of years according to prosecutors. The St. Louis Cardinals hacking scandal came to light last summer...
Healthcare Cybersecurity Market to Reach $10.85 Billion by 2022
Major cyberattacks have occurred. Huge data breaches have been suffered. Almost 113 million healthcare records have been exposed so far in 2015. Understandably healthcare providers and insurers are now committing more funds to improving cybersecurity defenses and the healthcare cybersecurity market is exceptionally strong. Healthcare Cybersecurity Market to Reach $10.85 billion by 2022 A new report recently issued by research and...
Hospital Use of Two-Factor Authentication Solutions
The results of a study on the use of two-factor authentication solutions by non-federal acute care hospitals have recently been published by the Office of the National Coordinator for Health Information Technology. The analysis of ePHI security protection trends showed that just under half of hospitals are now using two-factor authentication solutions to ensure the electronic Protected Health Information (ePHI) of patients is...
Healthcare Secure Messaging Offers Many Benefits
Implementing a healthcare secure messaging solution will help to ensure that privacy breaches are avoided. HIPAA regulations prohibit the sending of Protected Health Information (PHI) over open, unencrypted mobile networks. Should a physician or other healthcare professional send a text message containing PHI, HIPAA rules will be violated. The Department of Health and Human Services’ Office for Civil Rights (OCR) may not currently be...
Breaches of PHI Are Not Specific to Healthcare
Breaches of PHI are not specific to the healthcare industry, according to a new study conducted by Verizon Enterprise Solutions. PHI data breaches are actually suffered by the majority of organizations; but they are just not as widely reported in other industry sectors. The study looked at breaches of PHI that have been suffered by healthcare and non-healthcare organizations from 20 different industry sectors in 25 different...
Mobile Security Threats Increasing Says Kaspersky Lab
The number of mobile security threats is increasing, according to a recent security report issued by Kaspersky Lab, one of the leading providers of anti-virus software. The company has just released its threat evolution report for Q3, which details a significant increase in new malware and installation packages. The number of new installation packages was 1.5 times higher than the corresponding period in 2015. The malicious software...
Are IT Professionals Underestimating the Probability of a Cyberattack?
Probability of A Cyberattack Being Suffered is Underestimated by IT Security Professionals: New data released by the Ponemon Institute suggests that IT security professionals may be underestimating the probability of a cyberattack occurring. More than half of IT professionals surveyed believed the probability of a cyberattack occurring was low and that they were relatively safe and would not be targeted by hackers. The latest Ponemon...
Benefits of Texting Patients Include Improved Risk Profiles
Something as simple as sending a text message to a patient can have a profound impact on that individual’s health, according to a recent study published in the Journal of the American Medical Association. There are many benefits of texting patients according to the new study. Study Highlights the Health Benefits of Texting Patients: Increasing the level of exercise taken, stopping smoking, cutting back on alcohol consumption and making...
Average Cost of Cyber Crime Resolution Continues to Increase
Cyber crime is costing the healthcare industry dearly, and that cost continues to rise. According to the latest survey released by the Ponemon Institute, the average cost of cyber crime resolution has risen again this year. Resolving criminal attacks, data theft and resultant data loss now costs 82% more than it did when the first Ponemon Institute Cost of Cyber Crime Study was released in 2010. Average Cost of Cyber...
FDA to Allocate More Resources to Assess High Risk Healthcare Mobile Apps
There is considerable potential for mHealth apps to have a positive impact on the care provided to patients, although they also carry a risk of violating patient privacy and even causing patients to come to harm. To better protect the privacy of patients and improve safety, the FDA and other government bodies will be stepping up their efforts to reduce the risk to patients, in particular by taking action to ensure mHealth apps are...
Current State of Healthcare Data Security
A new report has been released by Veracode comparing government mobile application security with other industries, with the report giving an insight into the state of healthcare data security; or perhaps the state that healthcare data security is in would be a better way of phrasing it. Veracode assessed the total number of mobile app security vulnerabilities discovered against those that had been addressed and the healthcare industry...
New Survey Explores Healthcare Cybersecurity Attitudes
Healthcare cybersecurity attitudes are changing. Not as fast as the threat landscape is, but most healthcare professionals now appreciate the risks, understand the current threat level and also how difficult it is to keep data 100% secure. Physicians and health IT professionals often don’t see eye to eye. IT staff must ensure data is secured and networks are protected, whereas physicians are in the business of treating patients. Often...
C-Suites Choosing to Outsource Healthcare Cybersecurity
According to the results of a new study, it is becoming increasingly common for HIPAA-covered entities to outsource healthcare cybersecurity to private firms, although not necessarily by choice. Third party specialists in cybersecurity are the only option due to a current lack of skilled staff. The rise in cybercrime has left a gap in the labor market and there are simply not enough candidates for the number of positions available....
2015 Cost of Data Breach Study Released
The Ponemon Institute has released a new report on the cost of data breaches around the world. The Cost of Data Breach Study: Global Analysis, a study sponsored by IBM, looks at the financial implications of a data breach on organizations, and explores the different factors which affect the cost. The study involved 350 companies from 11 countries: Australia, Brazil, Canada, France, Germany, India, Italy, Japan, United Kingdom, the...
Breach Response Best Practices Guide Released by DOJ
The Cybersecurity Unit of the Department of Justice has released new guidance and breach response best practices to help organizations prepare for security breaches. It is essential that any holder of personal information on consumers knows the correct victim response and how, where and when to report data breaches. The guidelines are not specifically aimed at the healthcare industry, although they are relevant. Healthcare providers...
Healthcare Mobile Apps Reduce Costs and Improve Care
According to a survey conducted by the Healthcare Information and Management Systems Society, healthcare mobile apps and mobile technology in general have offered multiple benefits. The Healthcare Information and Management Systems Society also chose the HIMSS 2015 conference to announce the results of a survey conducted on 238 healthcare IT professionals in which they were asked about the use of mobile technology by their employers....
Protecting Cyber Networks Act (PCNA) Passed By House of Representatives
The Protecting Cyber Networks Act (PCNA) has been passed by the House of Representatives, taking the bill one step closer to becoming legislation. The Act must now go before Congress for the vote. If passed, it will be written into the legislation. Majority in Favor of the Protecting Cyber Networks Act: When the bill went to the House of Representatives there were some protests over privacy issues surrounding the bill, and even on the...
New Healthcare Data Security Study Released
A new healthcare data security study has been published in JAMA (The Journal of the American Medical Association) which confirms that the number of healthcare data hacking incidents is indeed on the rise. Kaiser Permanente Healthcare Data Security Study Shows Healthcare Hacks Have Doubled in 12 Months: The latest healthcare data security study was conducted by Kaiser Permanente, an integrated managed care consortium, based in...
Healthcare Data Hacking Incidents Rise in March 2015
According to breach reports submitted to the Office for Civil Rights via its new breach reporting portal, healthcare data hacking incidents in March 2015 rose considerably month on month. In spite of the high profile data breaches that have dominated the healthcare industry news headlines, hacking incidents in 2015 have been relatively low – or detection rates have been low at the very least. Healthcare Data Hacking Incidents...
2014 Medical Identity Theft Report: Identity Fraud Increases by 21.7%
Ponemon Institute Releases 2014 Medical Identity Theft Report: The Ponemon Institute Medical Identity Theft Report is prepared each year and gives an important insight into the extent of medical and identity fraud in the United States, as well as the impact it is having on patients. This year’s results paint a worrying picture, as cases of medical identity fraud have increased 21.7% year on year. 2014 was a year for major data...
Big Data Legislative Changes Necessary to Protect Patient Privacy
In December last year, the Health IT Policy Committee’s Privacy and Security Workgroup met twice to discuss potential big data legislative changes. The impact big data is having – and will continue to have – on the healthcare industry has raised a number of issues, of which privacy and security of healthcare data is a major concern. By the end of this series of workshops the committee hopes to have produced a list of recommendations...
Healthcare Cybersecurity in 2015 to be a Top Priority Says CHIME
According to CHIME, the College of Healthcare Information Management Executives, healthcare cybersecurity in 2015 will be a top priority; with the organization believing that the coming year will see a host of positive changes made that will address many of the cybersecurity issues currently being faced by the healthcare industry. One of the main aims over the course of the next 12 months is to improve access to healthcare data for...
New Mobile Data Security Study Published
A new mobile data security study has been published that suggests that there is a market for the provision of an increased range of security products for mobile devices in both the USA and the UK. In both countries consumers are concerned about the data that is stored on mobile devices. The mobile data security study was conducted on behalf of Inhance Technologies by iReach Insights. It consisted of a comparative analysis of data...
Healthcare Attack Surface Growth will Increase Breach Risk
Healthcare attack surface growth is a major reason why healthcare data breaches in 2014 will be higher than in any past year, according to a new report from Experian. The 2014 Data Breach Industry Forecast paints a worrying picture for healthcare industry data security, and suggests the industry is particularly vulnerable to attack. Furthermore, the data held on patients carries a high value on the black market, and there are plenty...
Healthcare Network Security Tips
Healthcare organizations have to implement a broad range of controls to ensure Protected Health Information (PHI) and Personally Identifiable Information (PII) is kept secure. Recently, computer networks have come under scrutiny; with this in mind, we have listed some basic healthcare network security tips. The tips are based on Health Resources and Services Administration (HRSA) recommendations, which can help healthcare providers avoid...
Common Healthcare BYOD Mistakes to Avoid
To implement a BYOD scheme or not; that is the question for many CIOs and CISOs: Get it right and a healthcare organization can greatly benefit; commit some of the following common healthcare BYOD mistakes and even the best laid plans can go to waste. The benefits of healthcare ‘Bring your Own Device’ schemes are numerous; however if errors are made they can ruin any BYOD scheme, and can lead to severe penalties from regulatory...
Health Industry BYOD Security is Now Easy to Manage
CISOs and CIOs are realizing that mobile phone use in healthcare is essential. Healthcare professionals use the devices when they are not working, and they want to continue to get the benefits when they go to work. The speed at which mobile devices can be used to communicate with others, access information, schedule meetings, and receive advice makes most healthcare communication systems seem positively prehistoric. BYOD schemes...
Control is the Key to Healthcare BYOD Security
Many CISOs, CIOs and IT heads consider the healthcare BYOD security challenges to be too problematic, and shy away from implementing such a scheme. The benefits may be numerous, but the costs of data breaches cannot be ignored, especially when there is a high risk of a data breach. According to a recent study – BYOD Insights 2013 – from the Cisco Partner Network, only 36% of respondents believed that their employer would be prepared...
Study Indicates Healthcare Data Breach Preparedness Issues
Handling healthcare security goes beyond just the technical side, as privacy and security compliance is critical to both data breach prevention and response plans. Experian Data Breach Resolution and the Ponemon Institute released a report today, titled Is Your Company Ready for a Big Data Breach?, that is composed of responses from mainly health and pharmaceutical privacy and compliance professionals as well as those from retail and...
Healthcare Data Breach Preparedness Study Raises Concerns
A new study released by Experian Data Breach Resolution & the Ponemon Institute has raised a number of concerns about healthcare data breach preparedness. The study – Is Your Company Ready for a Big Data Breach? – was primarily conducted on healthcare and pharmaceutical industry professionals with responsibility for privacy, security and compliance with state and federal regulations. Key figures in the retail and financial...
2012 Ponemon Institute Data Security Study Released
As the year draws to a close, it is a time to reflect on the lessons learned during 2012 regarding HIPAA compliance and dealing with healthcare data breaches. This year the pilot round of HIPAA-compliance audits was completed, indicating the sorry state of healthcare data security. There is clearly a lot to be done in 2013 to bring data security up to the minimum standards laid down by the Health Insurance Portability and...