Healthcare & Technology

 

Forrester

"Forrester, a leading global research and advisory firm, recently analyzed the emerging cybersecurity risk ratings solutions market.

 

The free 2020 Forrester report delivers critical insights for CISO's and third-party risk teams on how and why cybersecurity risk rating solutions can fit into their security programs."

 

HC&O News

"video surveillance component consists of around 700 different Siqura cameras, working with VDG Sense video management software and storage from TKH Security,” Anwer said. “The iProtect access control system, also from TKH Security, manages around 400 doors with card and pin authentication. [The] iProtect security management system is able to flawlessly fulfill the set of complex requirements demanded by this client."

 

Security Boulevard

"The pervasive impact of Internet of Things (IoT) devices on our lives is greater than that of traditional IT devices. There are several unknowns in IoT security, and it raises concerns for customers who are looking to incorporate IoT devices in their existing infrastructure. Fortunately, security by design can resolve some of the major root causes of the underlying vulnerabilities in these connected devices.

 

In acknowledgement of the challenges discussed above, an internal NIST report IR8228 entitled Considerations for Managing IoT Cybersecurity and Privacy Risks indicates that educating IoT device customers plays an important role and that they should be aware of the cybersecurity risks and mitigation plans for IoT devices. This report also points to the requirement of creating robust communication channels between the manufacturer and the customer, specifically regarding cybersecurity features and expectations for security controls."

 

BBC News

"The unprecedented hacking of celebrity Twitter accounts this month was caused by human error and a spear-phishing attack on Twitter employees, the company has confirmed.

 

Spear-phishing is a targeted attack designed to trick people into handing out information such as passwords.

Twitter said its staff were targeted through their phones.

The successful attempt let attackers tweet from celebrity accounts and access their private direct messages.

 

The accounts of Microsoft founder Bill Gates, Democratic presidential hopeful Joe Biden and reality star Kim Kardashian West were compromised, and shared a Bitcoin scam."

 

"A preliminary settlement of a class action data breach lawsuit against Iowa Health System - which does business as UnityPoint Health - contains an extraordinary provision that could prove quite costly.

 

Unlike settlements in most other data breach class action lawsuits, this one does not contain a "global cap" on the total amount of claims to be paid to victims.

 

Under the terms of the proposed settlement, UnityPoint will provide one year of comprehensive credit monitoring and ID theft protection services with a retail value of about $200 per settlement class member."

 

"On March 15, 2020, the CDC announced gatherings of 50 or more people be canceled for the next eight weeks, marking a pivotal point in the 2019 Novel Coronavirus. The CDC needed to make a strong recommendation to limit the spread of the virus, and on this day, there were 3,000 cases in the US, and airports were in chaos due to new screenings.

 

With our daily livelihoods changing right before our eyes, bad actors online started to see this chaos as an opportunity. SlashNext Threat Intelligence researchers identified that in the days which followed, we saw a +3000% increase in COVID-19 themed Phishing URLs. With no sign of slowing down, thousands of new phishing pages are launched hourly to steal personal information, corporate data exfiltration, and credit card fraud."

 

Ad Law Access

"The replay for our July 30, 2020 California Consumer Privacy Act (CCPA) for Procrastinators: What You Need To Do Now If You Haven’t Done Anything Yet webinar is available here.

 

The coronavirus pandemic has put many things on hold, but CCPA enforcement is not one of them. The California Attorney General’s enforcement authority kicked in on July 1, 2020, and companies reportedly have begun to receive notices of alleged violation. In addition, several class actions have brought CCPA claims. Although final regulations to implement the CCPA have yet to be approved, compliance cannot wait.

 

If you’re not yet on the road to CCPA compliance (or would like a refresher), this webinar is for you. We covered:

 

Anyone who has not begun their CCPA compliance efforts or thinks they need a refresher should watch this webinar.

To view the presentation slides, click here.

To view the webinar recording, click here."

 

The New York Times

"TikTok has long presented a parenting problem, as millions of Americans raising preteens and teenagers distracted by its viral videos can attest. But when the C.I.A. was asked recently to assess whether it was also a national security problem, the answer that came back was highly equivocal."

 

 

JD Supra

"Data breaches are a hot topic and will undoubtedly get even hotter. Cybersecurity for your own enterprise isn’t enough — you must evaluate your vendors and determine if they’re prepared to resist cyberattacks. 

 

The increase in data breaches has only led to more regulatory scrutiny. Regulatory focus on third-party vendors was already increasing after the 2008 financial crisis, but has reached a fever pitch in recent years. New data privacy laws often make companies liable for the mistakes of their vendors, even as businesses are relying on outsourcing more and more. So this reliance on vendors, suppliers and subcontractors means increased liability."

Nudge: Take a look at our new Business Partner Vetting Portal in Expresso. It will save time and money with a paperless method to obtain valid assurances from potential Business Partners. Contact us at support@3lionspublishing.com for a preview.

 

"Enforcement of Maine’s landmark online privacy law, which bans internet service providers from collecting and selling customers’ personal data without their permission, began this month after clearing a major legal hurdle in July.

Still, state officials can not provide a clear picture of what will happen to providers in Maine if they don’t comply.

 

The law dictates that internet providers must gather express, affirmative consent from customers before collecting any of their identifying data, such as location, browsing history or device identification. Providers also must give customers “clear, conspicuous and non-deceptive notice” of their rights at the point of sale, and are not allowed to offer promotions to customers who choose to give consent to have their data collected or refuse service to those who do not."

 

National Defense

"The ransomware threat landscape worsened in several significant ways through 2019 and into the current year, according to BakerHostetler’s 2020 Data Security Incident Response Report. Average demands increased more than tenfold and all industry segments saw growth in attack frequency, with stark increases seen by education and government entities.

 

Several threat actor groups began exfiltrating sensitive data from victims as an additional means to extort a payment, the report noted.

The average ransom paid in 2018 was $28,920 and the largest payment $250,000. But that figure jumped to $302,539 the following year and the largest payment was $5.6 million, the latest report stated.

 

A tip to avoid this: require vendors to implement multifactor authentication to access an environment."