January 24, 2017
Darkreading.com, January 23, 2017
Eighty-five percent of executives say they were hit with a cyber incident in the past year, according to the 2016/2017 Kroll Annual Global Fraud and Risk Report. Malicious insiders prove the greatest threat.
Jai Vijayan, Darkreading.com, January 19, 2017
Last year witnessed few data breaches of the kind that rocked 2015 when organizations like Anthem, the Office of Personnel Management and Ashley Madison reported security incidents involving tens of millions of personal records. Still, 2016 was a pretty bad year for data breaches. New data from the Identity Theft Resource Center (ITRC) and CyberScout show that 2016, in fact, had more reported breaches than any previous year.
Michael Piscopo, Delta-risk.net, January 20, 2017
In our previous blog, we discussed how pagers used in medical settings present an opportunity for threat actors to intercept valuable protected health information (PHI) and disrupt encryption and privacy. For malicious hackers, radio-based communications are a potential attack vector that organizations should watch closely. The risk is real, as more than 85 percent of hospitals still rely on pagers for communication, and the PHI data transmitted is not monitored with the same level of scrutiny as other electronic mobile devices.
James Pooley, Jdsupra.com, January 19, 2017
Recently I shared the podium with an FBI agent who was asked what frustrated him the most when trying to help businesses with trade secret theft. His answer was a surprise: they fire the guy too fast! He explained that when you discover someone might be mishandling information, your most important objective is to know what’s going on, and you could learn a lot more by keeping them around and watching what they do.
Graham Cluley, Tripwire.com, January 19, 2017
Adobe is no stranger to finding itself in the security headlines for all the wrong reasons, and it seems that things may not be changing as we enter 2017.
There was controversy earlier this month when news broke about how Adobe took the opportunity on Patch Tuesday of using its regular security updates to force Adobe Acrobat DC users into silently installing a Google Chrome extension.
Claire J. Rauscher and Belton T. Zeigler, Natlawreview.com, January 19, 2017
As their methods evolve, cybercriminals are increasingly targeting regional manufacturing businesses with sophisticated and potentially costly attacks. A recent ransomware attack on a mid-sized manufacturer in the Southeast provides a striking real-world example.
Jeremy Kirk, Bankinfosecurity.com, January 24, 2017
Lloyds Banking Group came under a distributed denial-of-service attack that hampered access to its online banking services for about two days earlier this month, several media outlets reported, citing anonymous sources.
Marianne Kolbasuk McGee, Databreachtoday.com, January 18, 2017
In the final days of the Obama administration, the Department of Health and Human Services has issued its second HIPAA enforcement action for 2017. HHS’ Office for Civil Rights has entered a $2.2 million settlement with a Puerto Rican insurance company in the wake of its investigation of a 2011 breach involving a stolen unencrypted USB drive that affected only about 2,000 individuals.
Sarah L. Bruno, Jade M. Kelly and Lourdes M. Turrecha, Arentfoxadvertising.com, January 19, 2017
On January 9, 2017, Presence Health agreed to settle with the U.S. Department of Health and Human Services (HHS) potential violations under the Breach Notification Rule of the Health Insurance Portability and Accountability Act of 1996 (HIPAA). This is HHS’ first enforcement action against a covered entity that reported a breach, but did not do so timely.