Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

The healthcare industry has been plagued by inadequate security measures and common protocol mistakes that result in significant penalties imposed by HIPAA (Health Insurance Portability and Accountability Act). Poor security protocols, neglected risk assessment audits, internal human errors, and the lack of employee HIPAA training are just a few factors contributing to lost, compromised, or stolen patient data and sensitive medical records.

Recent advancements in the digital landscape have led to a new kind of paradigm, one where enterprise perimeters are no longer clearly defined or limited. The rapid uptake of remote working, cloud, and IoT led to these prominent shifts, resulting in users, applications, and data no longer residing exclusively within the perimeters of the enterprise. This has led to enterprise perimeters becoming “borderless”.

The National Cyber Security Centre (NCSC) is the UK’s technical authority for cybersecurity. Established in 2016, it has worked to improve online safety and security, and has brought clarity and insight to an increasingly complex online world. In its 6th annual review, it gives insights to its understanding of the cyber environment affecting the UK. One of the most important roles of the NCSC is to identify, monitor, and analyse key cybersecurity threats, risks, and vulnerabilities.

How hackers are using SVG files to smuggle QBot malware onto Windows systems, a new batch of ransomware families leading attacks on Windows systems, and this year’s spike in command-and-control servers.

The HIPAA Privacy Rule (Health Insurance Portability and Accountability Act of 1996) is a healthcare cybersecurity framework that mandates security standards for all HIPAA-covered entities. HIPAA aims to protect patient information in the public health sector and promote stronger cybersecurity policies. HIPAA standards have since been adopted worldwide and enforced as federal law in the United States.

Like many industries, the federal government and the Department of Defense (DoD) are more digital, more dispersed, and work with more third parties than ever before. This shift means that information the departments deal with, referred to as controlled unclassified information, needs to be protected due to its high value. Enter “Safeguarding covered defense information and cyber incident reporting,” which is part of the Defense Federal Acquisition Regulation Supplement (DFARS) requirements.

As 2021 draws to a close, it is safe to say the year has been a blockbuster for cybercrime. We have witnessed attacks on critical national infrastructure, which have impacted the supply of consumer commodities. We have seen law enforcement clamp down on cybercriminals, taking down some of the most ruthless operations that have wreaked havoc on organisations and consumers across the globe.

Five worthy reads is a regular column on five noteworthy items we’ve discovered while researching trending and timeless topics. This week we are exploring cyber insurance, how it can help businesses in the event of a cyberattack, and why it is necessary for your organization.