HealthcareInfoSecurity.com RSS Syndication

BlackMatter Claims to Shut Ops; Experts Suspect Rebranding

Criminal Group Announced News on Russian Site, Says Malware Research Organization vx-underground
Ransomware-as-a-service provider BlackMatter has ceased operations due to pressure from local authorities, malware research organization vx-underground says, citing an announcement made by the gang on a Russian underground site.

FBI Warns of Ransomware Actors Leveraging M&A Data

Bad Actors Learn Victim Firms' Public, Nonpublic Data Before Attack to Increase Impact
The Federal Bureau of Investigation has issued a notification warning to private sector companies, especially those listed or in the process of being listed on stock exchanges, to be aware of ransomware actors using their undisclosed merger and acquisition data for extortion.

Ransomware Incidents Among Largest Breaches on Federal Tally

Analysis of Latest Health Data Breaches on the HHS OCR 'Wall of Shame'
Ransomware incidents are becoming a major cause of health data breaches affecting millions of individuals that have been reported so far in 2021, according to the latest additions to the federal tally. What else is topping the list?

CISA Directs Federal Agencies to Patch Known Vulnerabilities

BOD 22-01 Imposes Strict Deadlines for Remediation of Publicly Known Exploits
The U.S. Cybersecurity and Infrastructure Security Agency on Wednesday issued a new directive - BOD 22-01 - requiring federal civilian agencies to patch vulnerabilities known to be actively exploited in the wild.

HIPAA Omnibus Final Rule

This package of regulations includes modifications to the HIPAA privacy, security, enforcement and breach notification rules, as required under the HITECH Act.

HITECH Act Stage 2 EHR Incentive Program Software Certification Final Rule

This rule establishes criteria for electronic health records software that qualifies for Stage 2 of the HITECH Act Electronic Health Record Incentive Program. The program, part of the economic stimulus package, is providing billions of dollars in Medicare and Medicaid incentives to hospitals and physicians to spur widespread adoption of EHRs.

HITECH Act Stage 2 EHR Incentive Program Meaningful Use Final Rule

This rule establishes criteria that hospitals and physicians must meet to qualify as "meaningful users" of electronic health records and receive further financial incentives in Stage 2 of the HITECH Act Electronic Health Record Incentive Program. The program, part of the economic stimulus package, is providing billions of dollars in Medicare and Medicaid incentives to spur widespread adoption of EHRs.

FDA: Unique Device Identification System

This proposed rule from the U.S. Food and Drug Administration would require unique identifiers on medical devices. While the rule aims to ease the collection and analysis of data about adverse health events and help detect counterfeit products, no patient information would be collected in a proposed new FDA database to help track the safety of these devices.

Live Webinar | ‘Tis the Season…for Fraud

Panel Discussion | The Future of Cybersecurity: Is the US Government Finally Getting Serious About Protecting Supply Chains?

Fireside Chat | State of Software Security: The Costly Risks of Open Source Code

Live Webinar | The 5 Myths Hindering You From SOC Automation

Why Healthcare Entities Fall Short Managing Security Risk

Why do so many HIPAA -covered entities and their vendors do such a poor job managing security risk and safeguarding patient's protected health information? Many critical factors come into play, say Roger Severino, ex- director of HHS OCR, and Bob Chaput, founder of security consultancy Clearwater.

Ransomware Gangs Are Not Infallible

The latest ISMG Security Report features the fallibility of ransomware gangs and why victims should always seek help from a reputable response firm, law enforcement or other qualified expert. Also featured: Data protection advice and why the remote work model might make securing data easier.

Why Hive Attacks Are the Latest Menace to Healthcare Sector

Several characteristics of the Hive ransomware group make the threat actor particularly menacing to its victims, which include healthcare sector targets, says Adam Meyers, vice president of intelligence at security firm CrowdStrike.

Case Study: Intrusion Prevention, Detection in the Cloud

Chronic disease management firm Omada Health has been changing its approach to cloud intrusion prevention and detection, which is reducing time spent on investigating false positives, says the company's information security leader, Bill Dougherty.

Changing Employee Mindsets During Digital Transformation

How CISOs Can Ensure That the Business Succeeds While It Transforms
While doing digital transformation, CISOs tend to look more at technology and try to adapt it without making the distinction between technologies that are must-have and good to have. Krishnamurthy Rajesh of ICRA says CISOs must analyze risks, update security, and change the mindset of employees.

Forget Hacking Back: Just Waste Ransomware Gangs' Time

Time Is Money for Criminals; Some Profits Susceptible to DDoS and Other Disruptions
Who's been launching distributed denial-of-service attacks against ransomware operators' sites and cybercrime markets? Disrupting ransomware operations that rely on Tor-based data leak sites and payment portals for double extortion is an obvious move for cutting into their profits.

Memo to Ransomware Victims: Seeking Help May Save You Money

Flaw in DarkSide and BlackMatter Enabled Security Firm to Decrypt Files for Free
While ransomware might be today's top cybercrime boogeyman, attackers aren't infallible. The latest example: Errors in DarkSide - and its BlackMatter rebrand - enabled security experts to quietly decrypt many victims' files for free, saving millions in potential ransom payments.

Troublemaker CISO: Do You Know What You Should Be Doing?

The Rant of the Day From Ian Keller, Ericsson
In his second Rant of the Day for the CyberEdBoard Profiles in Leadershop blog, Ian Keller, security director at Ericsson and CyberEdBoard executive member, talks about what a CISO does - and what a CISO should do.