James Denvil and Paul Otto of Hogan Lovells write: The FTC wants companies to listen. More precisely, the FTC wants companies to pay attention to and promptly to respond to reports of security vulnerabilities. That’s a key takeaway from the Commission’s recent settlement with ASUSTek (“ASUS”). In its complaint against the Taiwanese router manufacturer, the FTC alleged that ASUS…
Category: Commentaries and Analyses
MY: Personal health data theft scary
From a letter to the editor of by S.M. Mohamed Idris of The Consumers’ Association of Penang (CAP) in Malaysia: [CAP] is distressed by the recent news that a group of hackers had hacked into the systems of both government and private hospitals and stolen the personal health data of tens of thousands of individuals – data…
Still lazy after all these years? 2,000 personal photos, emails, and other info found on used smartphones
David Bisson writes: In a recent experiment, researchers found 2,000 personal photos, email messages, and other information stored on used phones they purchased from pawn shops. Avast’s Deborah Salmi explains in a blog post how the security company’s researchers purchased some 20 used phones from pawn shops located in New York, Paris, Barcelona, and Berlin. Each shop…
Thieves Are Using Ransomware Programs to ‘Kidnap’ People’s Data Until They Pay
John Dyer has a report on ransomware with some interesting statistics: An October study by Cisco Systems’ Talos security unit estimated that unnamed hackers using Angler Exploit — just one of a handful of commonly used ransomware bugs — netted $60 million annually. In December, a Kaspersky Lab report found that ransomware infections doubled last year compared to 2014….
Addressing Gaps in Cybersecurity: OCR Releases Crosswalk Between HIPAA Security Rule and NIST Cybersecurity Framework
The sensitive health information maintained by health care providers and health plans has become an increasingly attractive target for cyberattacks. The need for health care organizations to up their game on health data security has never been greater. To help health care organizations covered by the Health Insurance Portability and Accountability Act (HIPAA) to bolster…
Patient monitors altered, drug dispensary popped in colossal hospital hack
Scary stuff. Darren Pauli reports: Security researchers have exploited notoriously porous hospital networks to gain access to, and tamper with, critical medical equipment in attacks they say could put lives in danger. In tests, hospital hackers from the Independent Security Evaluators research team popped patient monitors, making them display false readings which could result in…