Words like cybersecurity and compliance are often interchangeable without much care taken with how they differ. But make no mistake: while they are related practices, both are different approaches to a common problem of cybersecurity threats. Here we break down the differences and, more importantly, why these differences are important for when you have to… Read More
The Evolving Need for PCI DSS Compliance. The current COVID-19 pandemic has dramatically accelerated a trend that was already on the rise — a move toward many new forms of electronic payment that involve capturing and transmitting credit card data. Businesses have moved online-only transactions during this crisis, and many consumers don’t want to handle… Read More
Hackers Can Use DICOM Bug to Hide Malware in Medical Images DICOM bug enables hackers to insert fully functioning executable code into medical images A newly discovered design flaw in DICOM, a three-decade-old medical imaging standard, could be used to deliver malware inside what appears to be an innocuous image file, a researcher from Cylera… Read More
Poor cybersecurity practices complicated recovery from the Arizona Beverages ransomware attack. What appears to have been a targeted ransomware attack knocked over 200 networked computers and servers offline at Arizona Beverages, one of the largest beverage suppliers in the U.S., TechCrunch reports. The attack, which the company was still struggling to recover from two weeks… Read More
Seal up your cloud containers with these Kubernetes security best practices. Lightweight cloud containers are fast replacing resource-sucking virtual machines, and Kubernetes is fast becoming the de facto standard for container orchestration. Kubernetes adoption doubled in 2018. Unfortunately, as with any popular technology, it was only a matter of time before hackers discovered a way… Read More
Hybrid cloud security survey shows that most organizations are implementing hybrid clouds far faster than their security teams can manage them. For many organizations, particularly those in highly regulated industries such as healthcare, hybrid cloud environments offer the best of both worlds. Companies get to enjoy the easy scalability and other benefits of AWS, Microsoft… Read More
Malicious browser extensions can steal credentials, cryptocurrency, and more From blocking ads and coin miners to saving news stories for later reading, browser extensions allow users to customize their web browsers for convenience, efficiency, and even privacy and security – usually for free. However, browser extensions need a wealth of access permissions to operate, including… Read More
The 5 top healthcare cyber threats, according to the U.S. Department of Health & Human Services’ new guide The financial impact of healthcare cyber attacks can be devastating, especially to small organizations. The HHS points out that the healthcare industry has the highest data breach cost of any industry, at an average of $408 per… Read More
Chinese hackers have successfully breached contractors for the U.S. Navy, according to WSJ report. The years-long Marriott Starwood database breach was almost certainly the work of nation-state hackers sponsored by China, likely as part of a larger campaign by Chinese hackers to breach health insurers and government security clearance files, The New York Times reports.… Read More
Before you send out that next email marketing blast, make sure you’re compliant with the EU GDPR Email marketing is big business. MarTech Advisor reports that it is the best-performing channel for a company’s ROI, and 61% of consumers prefer to receive offers via email, as opposed to only 5% who prefer social media offers.… Read More
Two new reports illustrate the threat of employee carelessness and maliciousness to healthcare data security Healthcare data security is under attack from the inside. While insider threats – due to employee error, carelessness, or malicious intent – are a problem in every industry, they are a particular pox on healthcare data security. Two recent reports… Read More
Comprehensive anti-harassment policies are even more important in light of #MeToo movement The #MeToo movement, which was birthed in the wake of sexual abuse allegations against Hollywood mogul Harvey Weinstein, has shined a spotlight on the epidemic of sexual harassment and discrimination in the U.S. According to a nationwide survey by Stop Street Harassment, a… Read More
Gartner Is Shifting Its Focus Toward IRM, and You Should, Too Over the summer, Gartner announced that it was moving its focus away from GRC and launching a new Magic Quadrant for integrated risk management, or IRM: IRM enables simplification, automation and integration of strategic, operational and IT risk management processes and data. IRM goes… Read More
White-Hat Hackers Are Already Being Caught in the Cryptocurrency Regulation Net Cryptocurrencies have long been associated with cyber crime. The cryptocurrency Bitcoin was the de facto currency of the notorious online black market Silk Road, it remains the preferred payment method on the Dark Net, and the majority of ransomware attacks, including WannaCry, demand payment… Read More
Free HIPAA Awareness & Compliance Survey If you are in the healthcare business you have HIPAA compliance requirements to adhere to. Maybe you are not aware of what they or maybe you just want to gauge your organization’s readiness prior to seeking professional help? The good folks over at Continuum GRC have provided a short… Read More
Is Cloud Computing Really Secure? A Pragmatic Approach Considering Cloud Computing? So, you are making plans to move into cloud computing and are considering your options offered by the plethora of providers out there but you have questions and concerns. Congratulations! The bottom line up front is yes, cloud computing can be very secure. You… Read More
When contracting with a service provider, such as a data center, it is important for companies to ensure that their provider possesses the cyber security-related certifications and compliance standards that are applicable to the company’s industry. Data centers, as well as service providers who contract with data centers, sometimes claim to be “SSAE 16” certified.… Read More
POS Data Security? The next time you buy a burger at McDonald’s or Wendy’s, a computer may be the one asking, “Would you like fries with that?” After decades of depending on human workers to take orders – and payments – American fast food chains are finally moving into the computer age, driven by rising… Read More
Following a string of high-profile incidents that began earlier this year, the healthcare industry has been highly focused on preventing ransomware attacks. IoT security has also emerged as a growing concern. However, healthcare organizations (as well as businesses in other industries) cannot afford to ignore another growing threat: spear phishing. Like regular phishing, spear phishing… Read More
Up until now, healthcare cyber security has been focused on protecting patient data, ensuring HIPAA compliance, and, more recently, protecting systems from ransomware attacks. However, as healthcare technology advances, a new threat is emerging: the potential for hackers to attack smart medical devices such as insulin pumps and pacemakers. If IoT security is not taken… Read More
In a previous blog, we discussed the recent epidemic of ransomware attacks on U.S. healthcare organizations and the importance of the industry taking this very serious cyber security threat – and healthcare cyber security in general – seriously. The good news is that although a ransomware attack can bring a healthcare facility to its knees,… Read More
In a previous blog, we provided a primer on HIPAA compliance and discussed the importance of complying with this complex federal law, which is geared toward protecting patients’ private health information (PHI). While healthcare providers and healthcare industry vendors cannot afford to ignore HIPAA, a new threat has emerged and is poised to become much… Read More
Confused about PCI DSS compliance? This article will explain PCI DSS and the importance of complying with this important information security standard. What is PCI DSS? PCI DSS stands for the Payment Card Industry (PCI) Data Security Standard (DSS). The PCI DSS is a proprietary information security standard that was established in 2004 by the… Read More
Confused about HIPAA and HIPAA compliance? This article will explain HIPAA and the importance of complying with this complex federal law. What is HIPAA? HIPAA is the Health Insurance Portability and Accountability Act of 1996, which was signed into law by President Bill Clinton. The HITECH Act, which was signed by President Obama in 2009,… Read More