Is there anything better than being offered one year of "free" identity theft monitoring? Regularly offered with strings attached by organizations that mishandled your personal details, the efficacy and use of such services looks set for a U.S. Government Accountability Office review.
As regulators increasingly focus on third-party risk, healthcare organizations are entering more strategic partnerships with their critical vendors. And the effort is paying off with improved vendor risk management, says Mitch Parker, CISO of Indiana University Health System.
Understanding where data is stored so it can be protected, overcoming security misconfiguration and improving vendor management diligence are three top challenges for healthcare organizations, says Chris Bowen of ClearDATA.
A batch of documents meant to be kept under court seal lays bare Facebook's strategic brokering of access to user data to reward partners and punish potential rivals. The material also demonstrates Facebook's views at the time on privacy and the risks of leaking data.
The latest version of the NIST Cybersecurity Framework - Version 1.1 - includes more information on supply chain risk management, authentication, authorization, identity proofing and self-assessing cybersecurity risk management, says Matthew Barrett of the National Institute of Standards and Technology.
Another day, another "Have I Been Pwned" alert, this time involving 44.3 million individuals' personal details found in unsecured instances of Elasticsearch, which appear to have been left online by Data & Leads, a Toronto-based data aggregation firm.
North Carolina-based Atrium Health is notifying 2.65 million individuals of a data breach involving a cyberattack on databases hosted by a third-party billing vendor. The incident is the largest U.S. health data breach revealed so far in 2018.
An analysis of China's surging hack attacks as part of an economic espionage campaign leads the latest edition of the ISMG Security Report. Also: Choosing the right MSSP, plus an analysis of the recent hijacking of Google traffic.
How can organizations get the most out of partnering with managed security services providers and avoid common pitfalls? Cybersecurity consultant Vito Sardanopoli, an experienced CISO, offers top tips.
An Iowa eye clinic and its affiliated surgery center recently recovered from a ransomware attack on their common systems within one day and without paying a ransom. This case offers important reminders to other healthcare entities and their vendors about advance planning.