Phishing and medical device exploits

Social engineering is a cyber threat we could discuss week after week…so that’s exactly what I’m going to do this time.  More phishing campaigns have made headlines thanks to a breach of the AP Stylebook, which is used by news and other organizations as a guide to on such relevant topics as grammar, writing style… Read More

Dishing and Smishing

If you receive a text from a sender who appears to be USPS, the Royal Mail, or a number of other organizations, you may be the target of a new smishing campaign from Chinese hackers.  Known as the Smishing Triad, these bad actors have been attempting to exploit US residents via compromised iCloud accounts for… Read More

Tesla and Duolingo have data problems

Tesla is the big data security story these past couple of weeks.  In the wake of Twitter’s recent rebranding to “X,” now another Elon Musk firm is in the news for an entirely different reason.  Two former Tesla employees are accused of sharing the personal information of over 75,000 people to German newspaper Handelsblatt.   Despite… Read More

Regulating Data Collectors

Companies and other agencies gathering people’s data creates vulnerabilities that hackers are all too eager to exploit.  Whether it’s for targeted advertising or selling to third parties, data has become a most valuable commodity.  You can’t go a day without hearing about a data breach in the news, be it aimed at a school, business… Read More

A new standard for data protection?

For years, business communities and US legislators have been calling for an all-encompassing data privacy law at the federal level.  Despite the introduction of several proposed bills, none have been enacted.  In lieu of such a standard has instead arisen a patchwork of various state regulations, such as the California Consumer Privacy Act (CCPA) or… Read More

A new list of top 5 healthcare data breaches?

HCA Healthcare just last week disclosed a massive data breach that affects the information of around 11 million patients, via a breached external storage location.  Comprising 182 hospitals and 2,200 care centers across the US and UK, HCA Healthcare is a prominent firm in the industry.  In fact it ranks #62 on Fortune 500’s largest… Read More

MOVEit breach hits education sector

The biggest infosec story in the news right now has caught multiple sectors in its net: the hack of the MOVEit file transfer tools.  From government to utilities to finance, students and teachers to public employees and retirees, it feels like no one has been exempted.  Over 16 million people in more than 150 institutions… Read More

No noble thieves in data security

Reddit’s planned API (application programming interface) changes have been met with a flurry of outrage online, seemingly none more so than the hackers who decided to take matters into their own hands.  Earlier this year, the BlackCat ransomware group hacked into Reddit servers and stole 80GB of sensitive data, accessing internal documents, codes, dashboards and… Read More

Keep your data under lock and key

When you share your personal information with a doctor’s office, are you concerned about the security of your data against bad actors or even accidental exposure?  You should be mindful.  Patients’ personal health information (PHI) and electronic health records (EHR) are a valuable reward for cyber criminals, and their targets are diverse.  Dentistry practices are… Read More

Data Breaches and Compliance

Data security and breach regulations are constantly evolving.  Last month, the Federal Trade Commission (FTC) announced a notice of proposed rulemaking to “strengthen and modernize” the existing Health Breach Notification Rule (HBNR) from 2009 (HBNR is part of the HITECH Act, enacted to promote the adoption and meaningful use of health information technology).  In addition… Read More