What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2023-07-18 18:46:00 | Législateurs: HHS ne protége pas adéquatement les dossiers de santé contre les forces de l'ordre Legislators: HHS is failing to adequately protect health records from law enforcement (lien direct) |
Les législateurs demandent au ministère de la Santé et des Services sociaux à empêcher les forces de l'ordre d'accéder aux dossiers de la reproduction et d'autres dossiers de santé sans mandat.Le lettre envoyée mardi par les sens. Ron Wyden (D-OR) et Patty Murray (D-Wa), La représentante Sara Jacobs (D-CA) et d'autres exhorte également le secrétaire du HHS, Xavier Becerra, à élargir les réglementations fédérales de santé à
Lawmakers are demanding the Department of Health and Human Services to bar law enforcement from accessing reproductive and other health records without a warrant. The letter sent Tuesday by Sens. Ron Wyden (D-OR) and Patty Murray (D-WA), Rep. Sara Jacobs (D-CA) and others also urges HHS Secretary Xavier Becerra to broaden federal health regulations to |
Studies Medical | ★★ | |
 |
2023-07-17 10:00:00 | L'élément humain de la cybersécurité: nourrir une culture cyber-consciente pour se défendre contre les attaques d'ingénierie sociale The human element of Cybersecurity: Nurturing a cyber-aware culture to defend against social engineering attacks (lien direct) |
The content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article. As organizations across every sector come to rely more and more heavily on digital data storage, digital work platforms, and digital communications, cyber attacks are becoming increasingly common. Enterprising cyber attackers see opportunities abound with the widespread digital transformation across industries. Social engineering cyber attacks present a particularly potent threat to organizations. In this article, we will take a look at why training your employees to become aware of social engineering cyber attacks is key to protecting your business. We will explore the most common forms of social engineering attacks. Finally, we’ll also share key actionable advice to help educate and defend your employees against social engineering schemes. Why cybersecurity awareness is important Oftentimes the most vulnerable element in any organization’s cybersecurity defense system is an unaware employee. When someone does not know the common features of a social engineering cyber attack they can easily fall for even the most widespread cyber attack schemes. Educating employees on signs to look out for that might indicate a hidden cyberattack attempt and training employees on security policies and appropriate responses is essential to creating a resilient company-wide cybersecurity policy. Three common types of social engineering attacks To understand how to identify, trace, and respond to social engineering cyber attacks, it is important to get to know the most common forms that social engineering attacks can take. A social engineering attack occurs when a bad actor contacts an unsuspecting individual and attempts to trick them into providing sensitive information (such as credit card details or medical records) or completing a particular action (such as clicking on a contaminated link or signing up for a service). Social engineering attacks can be conducted over the phone, or via email, text message, or direct social media message. Let’s take a look at the three most common types of social engineering cyber attacks: Phishing Phishing is a type of social engineering attack that has bad actors posing as legitimate, and oftentimes familiar, contacts to extort valuable information from victims, such as bank account details or passwords. Phishing attacks can come in the form of emails claiming to be from legitimate sources- such as a government body, software company you use, or relative. Bad actors can hack someone’s legitimate account, making the communication seem more convincing, or they can impersonate an official organization, copying their logo and content style. Pretexting Pretexting attacks occur when a bad actor invents a story to gain an unsuspecting victim’s trust. The bad actor then uses this trust to trick or convince the victim into sharing sensitive data, completing an action, or otherwise accidentally causing harm to themselves or their affiliated organizations. Bad actors may use pretexting to manipulate an individual into downloading malware or compromised software, sending money, or providing private information, including financial details. Baiting | Malware Hack Threat Medical | ★★ | |
 |
2023-07-17 09:30:00 | Vendeur de la technologie de la santé à payer 31 millions de dollars après les allégations de pots-de-vin Health Tech Vendor to Pay $31m After Kickback Allegations (lien direct) |
Nextgen Healthcare a été accusé d'avoir violé la loi sur les fausses réclamations
NextGen Healthcare was accused of violating False Claims Act |
Medical | ★★ | |
 |
2023-07-14 13:30:00 | Key findings from ESET Threat Report H1 2023 – Week in security with Tony Anscombe (lien direct) | Voici comment les cybercriminels ont ajusté leurs tactiques en réponse aux politiques de sécurité plus strictes de Microsoft, ainsi que d'autres résultats intéressants du nouveau rapport de menace d'Eset \\
Here\'s how cybercriminals have adjusted their tactics in response to Microsoft\'s stricter security policies, plus other interesting findings from ESET\'s new Threat Report |
Threat Studies Medical | ★★★★ | |
|
2023-07-11 19:19:00 | Les procureurs britanniques disent que Teen Lapsus $ était derrière des hacks sur Uber, Rockstar British prosecutors say teen Lapsus$ member was behind hacks on Uber, Rockstar (lien direct) |
Un tribunal de la Couronne britannique a levé mardi une restriction de reportage, permettant la dénomination de l'adolescent Arion Kurtaj qui est accusé d'avoir piraté les jeux Rockstar à Uber, Revolut et Video Games Rockstar Games dans un court laps de temps en septembre dernier.Kurtaj, maintenant âgé de 18 ans, n'a pas été jugé adapté à être jugé par des professionnels de la santé.Le jury
A British Crown Court on Tuesday lifted a reporting restriction, allowing the naming of teenager Arion Kurtaj who is accused of hacking Uber, Revolut, and video game developer Rockstar Games in a short period of time last September. Kurtaj, now 18, has been deemed not fit to stand trial by medical professionals. The jury will |
Medical | Uber | ★★★ |
|
2023-07-04 13:00:00 | CISA émet un avertissement pour la vulnérabilité du système de dispositifs cardiaques CISA issues warning for cardiac device system vulnerability (lien direct) |
L'Agence de sécurité de la cybersécurité et de l'infrastructure (CISA) averti d'une vulnérabilité sévère dans un appareil cardiaque de la société de dispositifs médicaux Medtronic.Le problème & # 8211;suivi comme CVE-2023-31222 & # 8211;Procure un score CVSS «critique» de 9,8 sur 10 et affecte le logiciel Paceart Optima de l'entreprise qui fonctionne sur un serveur Windows de Healthcare Organisation \\.L'application
The Cybersecurity and Infrastructure Security Agency (CISA) warned of a severe vulnerability in a cardiac device from medical device company Medtronic. The issue – tracked as CVE-2023-31222 – carries a “critical” CVSS score of 9.8 out of 10 and affects the company\'s Paceart Optima software that runs on a healthcare organization\'s Windows server. The application |
Vulnerability Medical | ★★ | |
|
2023-06-28 10:00:00 | La cybersécurité n'est pas un outil ou un logiciel;est un état d'esprit: combler l'écart pour les changeurs de carrière Cybersecurity is not a tool or software piece; is a state of mind: Bridging the gap for career changers (lien direct) |
Introduction In recent years, the field of cybersecurity has witnessed a significant influx of professionals from non-Information Technology (IT) backgrounds who are making the leap into this dynamic industry. As a cybersecurity technical developer and instructor, I have had the privilege of delivering many customers in-person and virtual training courses and meeting numerous individuals seeking to transition into cybersecurity from diverse non-IT related fields. I can remember Cindy, a lawyer in a large firm, not really finding fulfillment after a “boring” eighteen months at the firm. Also, Ann, an actress with over 17 successful years of movie and theater experience, wanting to get into the industry for higher income to support her daughter. Then Richard, a radiologist tired of the customer abuse he was receiving and wanting more in life. Everything starts with the right mindset at the onset; and not every career in cybersecurity is deeply technical. Cybersecurity is a broad field and cybersecurity professionals may do their jobs in a variety of ways. This includes the following roles - keeping in mind that at least two of them are not 100% technical. They can have roles that protect a company’s internal networks and data from outside threat actors as information security professionals. They can have roles in risk management where they can confirm businesses take appropriate measures to protect against cybercrime. They can have roles where they can confirm businesses comply with local, state, and federal cybersecurity and data protections laws. Aside from being super solid on the OSI Model, hands-on TCP/IP, networking skills, a couple of industry certifications, a drive to self-study, some basic coding and a couple of bootcamps, an aspiring cybersecurity professional must also consider their skills. They bring things to the table from the fields where they come from, which are useful, fully transferable and appreciated! Sometimes as “seasoned professionals” we forget to investigate fresh ways to pivot in incident response (IR) scenarios for example. Technical skills can, with some education, hands-on practice, and self-study, be mastered, but the main ones that you will need for the transition are not going to be found in the classroom, or in the computer screen. These are the face-to-face interactions we have with friends, family, coworkers, and strangers. In other words, the soft skills; those skills that cannot be coded or productized but indeed can be monetized. Transitioning from entertainment/law/health and many other industries to the cybersecurity field does bring valuable transferable skills. In this article I aim to explore the many valuable skills career changers bring to the table and highlight seven essential skills they must possess to successfully embark on this exciting and amazing journey. Attention to detail: Actors pay great attention to detail, focusing on nuances in dialogue, characterization, and stage directions. In cybersecurity, meticulousness is essential when reviewing code, identifying vulnerabilities, conducting security assessments, and analyzing logs. Her ability to spot inconsistencies and pay attention to minute details can be valuable. Radiology technicians work with complex medical imaging equipment, where precision and attention to detail are crucial. This skill translates well to the cybersecurity field, where professionals need to analyze large amounts of data, identify vulnerabilities, and detect potential threats with accuracy. Lawyers pay great attention to detail when reviewing legal documents, contracts, and evidence. This attention to detail can be valuable in cybersecurity, where professionals must review policies, analyze security controls, and identify potential vulnerabilities. They can also contribute to ensuring cybersecurity practices align with legal and regulatory standards. | Tool Vulnerability Threat Medical | ★★★ | |
 |
2023-06-27 17:00:00 | Pourquoi le mandat SBOM de la FDA \\ change le jeu pour la sécurité OSS Why the FDA\\'s SBOM Mandate Changes the Game for OSS Security (lien direct) |
Les nouvelles directives de la FDA Software Bill of Materials (SBOM) pour les dispositifs médicaux pourraient avoir un impact large sur l'industrie des soins de santé et l'écosystème open source plus large.
The new FDA software bill of materials (SBOM) guidelines for medical devices could have broad impact on the healthcare industry and the broader open source ecosystem. |
Medical | ★★ | |
 |
2023-06-27 14:42:43 | Dispositifs médicaux connectés - la prochaine cible pour les attaques de ransomwares Connected Medical Devices-the Next Target for Ransomware Attacks (lien direct) |
Les nouvelles directives de la FDA Software Bill of Materials (SBOM) pour les dispositifs médicaux pourraient avoir un impact large sur l'industrie des soins de santé et l'écosystème open source plus large.
The new FDA software bill of materials (SBOM) guidelines for medical devices could have broad impact on the healthcare industry and the broader open source ecosystem. |
Ransomware Medical | ★★★ | |
 |
2023-06-22 17:57:08 | Maintenant, les extorqueurs noirs menacent de divulguer des photos de chirurgie plastique volées Now BlackCat extortionists threaten to leak stolen plastic surgery pics (lien direct) |
Partage d'un patient cancéreux \\ Snaps nues plus tôt n'était pas assez pour ces scumbags gang ransomware Blackcat prétend avoir infecté un centre de chirurgie plastique, volé "lots" de dossiers médicaux très sensibles, et a juré de divulguer des photos des patients si la clinique ne paie pas.…
Sharing a cancer patient\'s nude snaps earlier wasn\'t enough for these scumbags Ransomware gang BlackCat claims it infected a plastic surgery center, stole "lots" of highly sensitive medical records, and has vowed to leak patients\' photos if the clinic doesn\'t pay up.… |
Medical | ★★★ | |
 |
2023-06-14 13:46:07 | Medigauter par Claroty et Siemens Healthineers collaborent à la cybersécurité de bout en bout Medigate by Claroty and Siemens Healthineers Collaborate in End-to-End Cybersecurity (lien direct) |
Medigaute par Claroty et Siemens Healthineers collaborent à la cybersécurité de bout en bout.Siemens Healthineers ACTSAFE Solution Uside Medigate par Claroty Software;Le partage de données de sécurité des dispositifs médicaux stimule les clients \\ 'Gestion des risques et efficacité opérationnelle
-
nouvelles commerciales
Medigate by Claroty and Siemens Healthineers Collaborate in End-to-End Cybersecurity. Siemens Healthineers ActSafe solution leverages Medigate by Claroty software; medical device security data sharing boosts customers\' risk management and operational efficiency - Business News |
Medical | ★★ | |
|
2023-06-07 07:47:24 | La nouvelle étude de Veracode révèle que la sécurité des logiciels dans les organismes du secteur public est insuffisante (lien direct) | La nouvelle étude de Veracode révèle que la sécurité des logiciels dans les organismes du secteur public est insuffisante. Le rapport State of Software Security Public Sector 2023 de Veracode révèle des failles de sécurité dans 82 % des applications gouvernementales. Le secteur public est plus performant que le secteur privé dans certains domaines. Veracode a publié une étude révélant que les applications développées par les organisations du secteur public présentent généralement un nombre plus élevé de (...) - Investigations | Studies Medical | ★★★ | |
 |
2023-05-25 16:12:22 | La violation des données chez Apria Healthcare affecte 2 millions de personnes maintenant informés Data Breach At Apria Healthcare Affects 2 Million People Now Notified (lien direct) |
Apria Healthcare, un fabricant d'équipements médicaux pour la maison, envoie des notifications de violation à environ deux millions de personnes dont les informations peuvent avoir été volées dans des violations de données en 2019 et 2021. Près de deux millions de personnes aux États-Unis comptent sur APRIA, ce qui fait de l'APRIA, ce qui fait de l'APRIA, ce qui fait de l'APRIA, ce qui réalise APRIA, ce qui fait de l'APRIA, ce qui a faitC'est l'un des meilleurs fournisseurs de respiratoires à domicile [& # 8230;]
Apria Healthcare, a manufacturer of medical equipment for the home, is sending out breach notifications to roughly two million people whose information may have been stolen in data breaches in 2019 and 2021. Close to two million people in the United States rely on Apria, making it one of the top providers of home respiratory […] |
Data Breach Medical | ★★ | |
|
2023-05-25 08:29:13 | Ministère de la Justice rapié par l'ICO pour une fuite de données à l'ancienne Ministry of Justice rapped by ICO for old fashioned data leak (lien direct) |
Oubliez des seaux AWS, des sacs d'informations médicales et personnelles sur les détenus et leurs gardes laissés dans \\ 'non sécurisé \' zone de prison nous reculons dans le monde analogique pour cette histoire de malheur queImplique des sacs et des sacs de données sensibles non scellées dans une zone «non garantie» d'une prison.La pénalité financière pour cela?Une gifle sur le poignet du ministère de la Justice de la Grande-Bretagne…
Forget AWS buckets, bags of medical and personal info on inmates and their guards left in \'unsecured\' area of prison We step back into the analogue world for this tale of woe that involves bags and bags of sensitive data being left unsealed in an “unsecured” area of a prison. The financial penalty for doing so? A slap on the wrist for Britain\'s Ministry of Justice.… |
Medical | ★★ | |
|
2023-05-23 19:33:00 | L'assureur santé indique que des informations sur les patients ont été volées dans une attaque de ransomware Health insurer says patients\\' information was stolen in ransomware attack (lien direct) |
L'un des plus grands assureurs de santé de la Nouvelle-Angleterre a informé mardi des clients actuels et anciens que les données, y compris les antécédents médicaux et les diagnostics des patients, ont été copiées et prises lors d'une attaque de ransomware.Point32Health - qui supervise le plan de santé des soins de santé et Tufts de Harvard - a déclaré d'abord Découvert L'incident le 17 avril le 17 avrilet a lancé une enquête
One of New England\'s largest health insurers notified current and former customers Tuesday that data including patient medical history and diagnoses was copied and taken during a ransomware attack. Point32Health - which oversees Harvard Pilgrim Health Care and Tufts Health Plan - said it first discovered the incident on April 17 and launched an investigation |
Ransomware Medical | ★★ | |
|
2023-05-23 10:00:00 | L'intersection de la télésanté, de l'IA et de la cybersécurité The intersection of telehealth, AI, and Cybersecurity (lien direct) |
The content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article. Artificial intelligence is the hottest topic in tech today. AI algorithms are capable of breaking down massive amounts of data in the blink of an eye and have the potential to help us all lead healthier, happier lives. The power of machine learning means that AI-integrated telehealth services are on the rise, too. Almost every progressive provider today uses some amount of AI to track patients’ health data, schedule appointments, or automatically order medicine. However, AI-integrated telehealth may pose a cybersecurity risk. New technology is vulnerable to malicious actors and complex AI systems are largely reliant on a web of interconnected Internet of Things (IoT) devices. Before adopting AI, providers and patients must understand the unique opportunities and challenges that come with automation and algorithms. Improving the healthcare consumer journey Effective telehealth care is all about connecting patients with the right provider at the right time. Folks who need treatment can’t be delayed by bureaucratic practices or burdensome red tape. AI can improve the patient journey by automating monotonous tasks and improving the efficiency of customer identity and access management (CIAM) software. CIAM software that uses AI can utilize digital identity solutions to automate the registration and patient service process. This is important, as most patients say that they’d rather resolve their own questions and queries on their own before speaking to a service agent. Self-service features even allow patients to share important third-party data with telehealth systems via IoT tech like smartwatches. AI-integrated CIAM software is interoperable, too. This means that patients and providers can connect to the CIAM using omnichannel pathways. As a result, users can use data from multiple systems within the same telehealth digital ecosystem. However, this omnichannel approach to the healthcare consumer journey still needs to be HIPAA compliant and protect patient privacy. Medicine and diagnoses Misdiagnoses are more common than most people realize. In the US, 12 million people are misdiagnosed every year. Diagnoses may be even more tricky via telehealth, as doctors can’t read patients\' body language or physically inspect their symptoms. AI can improve the accuracy of diagnoses by leveraging machine learning algorithms during the decision-making process. These programs can be taught how to distinguish between different types of diseases and may point doctors in the right direction. Preliminary findings suggest that this can improve the accuracy of medical diagnoses to 99.5%. Automated programs can help patients maintain their medicine and re-order repeat prescriptions. This is particularly important for rural patients who are unable to visit the doctor\'s office and may have limited time to call in. As a result, telehealth portals that use AI to automate the process help providers close the rural-urban divide. Ethical considerations AI has clear benefits in telehealth. However, machine learning programs and automated platforms do put patient data at i | Medical | ChatGPT ChatGPT | ★★ |
|
2023-05-22 10:00:00 | Partager les données de votre entreprise avec Chatgpt: à quel point est-elle risquée? Sharing your business\\'s data with ChatGPT: How risky is it? (lien direct) |
The content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article. As a natural language processing model, ChatGPT - and other similar machine learning-based language models - is trained on huge amounts of textual data. Processing all this data, ChatGPT can produce written responses that sound like they come from a real human being. ChatGPT learns from the data it ingests. If this information includes your sensitive business data, then sharing it with ChatGPT could potentially be risky and lead to cybersecurity concerns. For example, what if you feed ChatGPT pre-earnings company financial information, company proprietary software codeor materials used for internal presentations without realizing that practically anybody could obtain that sensitive information just by asking ChatGPT about it? If you use your smartphone to engage with ChatGPT, then a smartphone security breach could be all it takes to access your ChatGPT query history. In light of these implications, let\'s discuss if - and how - ChatGPT stores its users\' input data, as well as potential risks you may face when sharing sensitive business data with ChatGPT. Does ChatGPT store users’ input data? The answer is complicated. While ChatGPT does not automatically add data from queries to models specifically to make this data available for others to query, any prompt does become visible to OpenAI, the organization behind the large language model. Although no membership inference attacks have yet been carried out against the large language learning models that drive ChatGPT, databases containing saved prompts as well as embedded learnings could be potentially compromised by a cybersecurity breach. OpenAI, the parent company that developed ChatGPT, is working with other companies to limit the general access that language learning models have to personal data and sensitive information. But the technology is still in its nascent developing stages - ChatGPT was only just released to the public in November of last year. By just two months into its public release, ChatGPT had been accessed by over 100 million users, making it the fastest-growing consumer app ever at record-breaking speeds. With such rapid growth and expansion, regulations have been slow to keep up. The user base is so broad that there are abundant security gaps and vulnerabilities throughout the model. Risks of sharing business data with ChatGPT In June 2021, researchers from Apple, Stanford University, Google, Harvard University, and others published a paper that revealed that GPT-2, a language learning model similar to ChatGPT, could accurately recall sensitive information from training documents. The report found that GPT-2 could call up information with specific personal identifiers, recreate exact sequences of text, and provide other sensitive information when prompted. These “training data extraction attacks” could present a growing threat to the security of researchers working on machine learning models, as hackers may be able to access machine learning researcher data and steal their protected intellectual property. One data security company called Cyberhaven has released reports of ChatGPT cybersecurity vulnerabilities it has recently prevented. According to the reports, Cyberhaven has identified and prevented insecure requ | Tool Threat Medical | ChatGPT ChatGPT | ★★ |
|
2023-05-16 08:30:00 | PharMerica Breach Hits Over 5.8 Million Customers (lien direct) | Données médicales et d'assurance exposées dans une attaque de ransomware
Medical and insurance data exposed in ransomware attack |
Ransomware Medical | ★★ | |
 |
2023-05-15 14:10:40 | Ransomware gang steals data of 5.8 million PharMerica patients (lien direct) | Pharmacy services provider PharMerica has disclosed a massive data breach impacting over 5.8 million patients, exposing their medical data to hackers. [...]
Pharmacy services provider PharMerica has disclosed a massive data breach impacting over 5.8 million patients, exposing their medical data to hackers. [...] |
Ransomware Data Breach Medical | ★★ | |
 |
2023-05-11 13:15:13 | CVE-2023-29863 (lien direct) | Medical Systems Co. Medisys Weblab Products V19.4.03 a été découvert qu'il contenait une vulnérabilité d'injection SQL via le paramètre TEM: Instruction dans les fichiers WSDL.
Medical Systems Co. Medisys Weblab Products v19.4.03 was discovered to contain a SQL injection vulnerability via the tem:statement parameter in the WSDL files. |
Vulnerability Medical | ||
|
2023-05-03 20:38:00 | La vulnérabilité des équipements de séquençage d'ADN ajoute une nouvelle torsion aux cyber-menaces de dispositifs médicaux DNA Sequencing Equipment Vulnerability Adds New Twist to Medical Device Cyber Threats (lien direct) |
Une vulnérabilité dans un séquenceur d'ADN met en évidence la surface d'attaque élargie des organisations de soins de santé, mais montre également que la déclaration des vulnérabilités des dispositifs médicaux fonctionne.
A vulnerability in a DNA sequencer highlights the expanded attack surface area of healthcare organizations but also shows that reporting of medical device vulnerabilities works. |
Vulnerability Medical | ★★★ | |
|
2023-05-01 10:00:00 | Le rôle de l'IA dans les soins de santé: révolutionner l'industrie des soins de santé The role of AI in healthcare: Revolutionizing the healthcare industry (lien direct) |
Le contenu de ce post est uniquement la responsabilité de l'auteur. & nbsp;AT & amp; t n'adopte ni n'approuve aucune des vues, des positions ou des informations fournies par l'auteur dans cet article. & Nbsp; Introduction L'intelligence artificielle (AI) est le mimétisme de certains aspects du comportement humain tels que le traitement du langage et la prise de décision en utilisant de grands modèles de langage (LLM) et le traitement du langage naturel (PNL). Les LLM sont un type spécifique d'IA qui analyse et génèrent un langage naturel à l'aide d'algorithmes d'apprentissage en profondeur.Les programmes d'IA sont faits pour penser comme les humains et imiter leurs actions sans être biaisés ou influencés par les émotions. LLMS fournit des systèmes pour traiter les grands ensembles de données et fournir une vue plus claire de la tâche à accomplir.L'IA peut être utilisée pour identifier les modèles, analyser les données et faire des prédictions basées sur les données qui leur sont fournies.Il peut être utilisé comme chatbots, assistants virtuels, traduction du langage et systèmes de traitement d'image. Certains principaux fournisseurs d'IA sont des chatppt par Open AI, Bard par Google, Bing AI par Microsoft et Watson AI par IBM.L'IA a le potentiel de révolutionner diverses industries, notamment le transport, la finance, les soins de santé et plus encore en prenant des décisions rapides, précises et éclairées avec l'aide de grands ensembles de données.Dans cet article, nous parlerons de certaines applications de l'IA dans les soins de santé. Applications de l'IA dans les soins de santé Il existe plusieurs applications de l'IA qui ont été mises en œuvre dans le secteur des soins de santé qui s'est avérée très réussie. Certains exemples sont: Imagerie médicale: Les algorithmes AI sont utilisés pour analyser des images médicales telles que les rayons X, les analyses d'IRM et les tomodensitométrie.Les algorithmes d'IA peuvent aider les radiologues à identifier les anomalies - aider les radiologues à faire des diagnostics plus précis.Par exemple, Google & rsquo; S AI Powered DeepMind a montré une précision similaire par rapport aux radiologues humains dans l'identification du cancer du sein. & nbsp; Médecine personnalisée: L'IA peut être utilisée pour générer des informations sur les biomarqueurs, les informations génétiques, les allergies et les évaluations psychologiques pour personnaliser le meilleur traitement des patients. . Ces données peuvent être utilisées pour prédire comment le patient réagira à divers cours de traitement pour une certaine condition.Cela peut minimiser les effets indésirables et réduire les coûts des options de traitement inutiles ou coûteuses.De même, il peut être utilisé pour traiter les troubles génétiques avec des plans de traitement personnalisés.Par exemple, Genomics profonde est une entreprise utilisant des systèmes d'IA pour développer des traitements personnalisés pour les troubles génétiques. Diagnostic de la maladie: Les systèmes d'IA peuvent être utilisés pour analyser les données des patients, y compris les antécédents médicaux et les résultats des tests pour établir un diagnostic plus précis et précoce des conditions mortelles comme le cancer.Par exemple, Pfizer a collaboré avec différents services basés sur l'IA pour diagnostiquer les maladies et IBM Watson utilise les PNL et les algorithmes d'apprentissage automatique pour l'oncologie dans l'élaboration de plans de traitement pour les patients atteints de cancer. Découverte de médicaments: L'IA peut être utilisée en R & amp; D pour la découverte de médicaments, ce qui rend le processus plus rapidement.L'IA peut supprimer certaines | Prediction Medical | ChatGPT ChatGPT | ★★ |
 |
2023-04-29 10:04:00 | CISA met en garde contre les défauts critiques dans les instruments de séquençage d'ADN d'Illumina \\ CISA Warns of Critical Flaws in Illumina\\'s DNA Sequencing Instruments (lien direct) |
L'Agence américaine de sécurité de la cybersécurité et de l'infrastructure (CISA) a publié un avertissement consultatif médical des systèmes de contrôle industriel (ICS) d'un défaut critique ayant un impact sur les dispositifs médicaux Illumina.
Les problèmes ont un impact sur le logiciel Universal Copy Service (UCS) dans l'illuminaMiseqdx, NextSeq 550DX, ISCAN, ISEQ 100, MINISEQ, MISEQ, NEXTSEQ 500, NextSeq 550, NextSeq 1000/2000 et Novaseq 6000 ADN
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has released an Industrial Control Systems (ICS) medical advisory warning of a critical flaw impacting Illumina medical devices. The issues impact the Universal Copy Service (UCS) software in the Illumina MiSeqDx, NextSeq 550Dx, iScan, iSeq 100, MiniSeq, MiSeq, NextSeq 500, NextSeq 550, NextSeq 1000/2000, and NovaSeq 6000 DNA |
Industrial Medical | ★★ | |
|
2023-04-24 10:56:00 | Sécuriser l'écosystème Edge Research mondial publié & # 8211;Rapport gratuit disponible Securing the Edge Ecosystem Global Research released – Complimentary report available (lien direct) |
AT&T Cybersecurity is committed to providing thought leadership to help you strategically plan for an evolving cybersecurity landscape. Our 2023 AT&T Cybersecurity InsightsTM Report: Edge Ecosystem is now available. It describes the common characteristics of an edge computing environment, the top use cases and security trends, and key recommendations for strategic planning. Get your free copy now. This is the 12th edition of our vendor-neutral and forward-looking report. During the last four years, the annual AT&T Cybersecurity Insights Report has focused on edge migration. Past reports have documented how we interact using edge computing (get the 2020 report) benefit from edge computing (get the 2021 report) secure the data, applications, and endpoints that rely on edge computing (get the 2022 report) This year’s report reveals how the edge ecosystem is maturing along with our guidance on adapting and managing this new era of computing. Watch the webcast to hear more about our findings. The robust quantitative field survey reached 1,418 professionals in security, IT, application development, and line of business from around the world. The qualitative research tapped subject matter experts across the cybersecurity industry. At the onset of our research, we set out to find the following: Momentum of edge computing in the market. Collaboration approaches to connecting and securing the edge ecosystem. Perceived risk and benefit of the common use cases in each industry surveyed. The results focus on common edge use cases in seven vertical industries – healthcare, retail, finance, manufacturing, energy and utilities, transportation, and U.S. SLED and delivers actionable advice for securing and connecting an edge ecosystem – including external trusted advisors. Finally, it examines cybersecurity and the broader edge ecosystem of networking, service providers, and top use cases. As with any piece of primary research, we found some surprising and some not-so-surprising answers to these three broad questions. Edge computing has expanded, creating a new ecosystem Because our survey focused on leaders who are using edge to solve business problems, the research revealed a set of common characteristics that respondents agreed define edge computing. A distributed model of management, intelligence, and networks. Applications, workloads, and hosting closer to users and digital assets that are generating or consuming the data, which can be on-premises and/or in the cloud. Software-defined (which can mean the dominant use of private, public, or hybrid cloud environments; however, this does not rule out on-premises environments). Understanding these common characteristics are essential as we move to an even further democratized version of computing with an abundance of connected IoT devices that will process and deliver data with velocity, volume, and variety, unlike anything we’ve previously seen. Business is embracing the value of edge deployments The primary use case of industries we sur | Ransomware Medical Cloud | ★★★ | |
|
2023-04-21 20:33:00 | Shields Health Breach expose 2,3 millions d'utilisateurs \\ 'Données Shields Health Breach Exposes 2.3M Users\\' Data (lien direct) |
Les systèmes de l'entreprise d'imagerie médicale ont été compromis par un acteur de menace, exposant les licences de conducteur \\ 's \\ et d'autres informations d'identification.
The medical imaging firm\'s systems were compromised by a threat actor, exposing patients\' driver\'s licenses and other identifying information. |
Threat Medical | ★★ | |
|
2023-04-19 15:30:00 | Systèmes d'appel d'infirmière, pompes de perfusion Nurse Call Systems, Infusion Pumps Riskiest Connected Medical Devices (lien direct) |
Les conclusions proviennent d'un nouveau rapport par Asset Visibility and Security Company Armis
The findings come from a new report by asset visibility and security company Armis |
Medical | ★★ | |
|
2023-04-12 16:00:00 | Crowdsstrike étend Falcon pour inclure l'IoT CrowdStrike Expands Falcon to Include IoT (lien direct) |
Crowdsstrike Falcon Insight pour l'IoT couvre l'Internet des objets, l'IoT industriel, la technologie des opérations, ainsi que les dispositifs médicaux.
CrowdStrike Falcon Insight for IoT covers Internet of Things, Industrial IoT, Operations Technology, as well as medical devices. |
Industrial Medical | ★★ | |
|
2023-04-06 13:45:00 | Sécuriser les dispositifs médicaux est une question de vie et de mort Securing Medical Devices is a Matter of Life and Death (lien direct) |
Les défis de la cybersécurité de l'Internet des choses médicales (IOMT) sont encore largement sans réponse
The cybersecurity challenges of the Internet of Medical Things (IoMT) are still largely unanswered |
Medical | ★★★ | |
|
2023-03-31 21:32:00 | La refonte de cybersécurité des dispositifs médicaux de la FDA \\ a de vraies dents, disent les experts [The FDA\\'s Medical Device Cybersecurity Overhaul Has Real Teeth, Experts Say] (lien direct) | Les problèmes physiques et de cyber-sécurité entourant les dispositifs médicaux comme IV Pumps sont enfin traités de manière significative par une nouvelle politique qui entre en vigueur cette semaine.
The physical and cyber safety issues surrounding medical devices like IV pumps is finally being meaningfully addressed by a new policy taking effect this week. |
Medical | ★★★ | |
|
2023-03-30 15:30:00 | La FDA protège les dispositifs médicaux contre les cyber-menaces avec de nouvelles mesures [FDA Protects Medical Devices Against Cyber-Threats With New Measures] (lien direct) | Les nouvelles applications de dispositifs médicaux devraient "surveiller, identifier et résoudre" les problèmes de cybersécurité
New medical devices applications should "monitor, identify, and address" cybersecurity issues |
Medical | ★★★ | |
|
2023-03-29 21:09:00 | La FDA peut désormais rejeter de nouveaux dispositifs médicaux par rapport aux normes de cyber [FDA can now reject new medical devices over cyber standards] (lien direct) |
La Food and Drug Administration [affirmée] (https://www.fda.gov/regulatory-information/search-fda-puidance-cuments/cybersecurity-medical-devices-refuse-accept-policy-cyber-devices-Systèmes et systèmes liés à la section) Mercredi que les fabricants de dispositifs médicaux doivent désormais prouver que leurs produits répondent à certaines normes de cybersécurité afin d'obtenir l'approbation de l'agence.Les directives ont été présentées dans le projet de loi sur les crédits omnibus signé en décembre dernier, qui a autorisé la FDA à imposer des exigences de sécurité aux fabricants et à attribuer 5 $
The Food and Drug Administration [affirmed](https://www.fda.gov/regulatory-information/search-fda-guidance-documents/cybersecurity-medical-devices-refuse-accept-policy-cyber-devices-and-related-systems-under-section) Wednesday that medical device manufacturers must now prove their products meet certain cybersecurity standards in order to get the agency\'s approval. The guidelines were laid out in the omnibus appropriations bill signed into law last December, which authorized the FDA to impose security requirements on manufacturers and allocated $5 |
Medical | ★★ | |
|
2023-03-22 14:15:16 | CVE-2023-1566 (lien direct) | Une vulnérabilité a été trouvée dans Sourcecodeter Medical Certificate Generator App 1.0.Il a été déclaré comme critique.Cette vulnérabilité affecte le code inconnu du fichier Action.php.La manipulation de l'ID d'argument conduit à l'injection de SQL.L'attaque peut être initiée à distance.L'exploit a été divulgué au public et peut être utilisé.VDB-223558 est l'identifiant attribué à cette vulnérabilité.
A vulnerability was found in SourceCodester Medical Certificate Generator App 1.0. It has been declared as critical. This vulnerability affects unknown code of the file action.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-223558 is the identifier assigned to this vulnerability. |
Vulnerability Guideline Medical | ||
 |
2023-03-20 18:30:00 | When the Absence of Noise Becomes Signal: Defensive Considerations for Lazarus FudModule (lien direct) | > En février 2023, X-Force a publié un blog intitulé & # 8220; Direct Kernel Object Manipulation (DKOM) Attacks contre les fournisseurs ETW & # 8221;Cela détaille les capacités d'un échantillon attribué au groupe Lazare se sont exploités pour altérer la visibilité des opérations de logiciels malveillants.Ce blog ne remaniera pas l'analyse de l'échantillon de logiciel malveillant Lazarus ou du traçage d'événements pour Windows (ETW) comme [& # 8230;]
>In February 2023, X-Force posted a blog entitled “Direct Kernel Object Manipulation (DKOM) Attacks on ETW Providers” that details the capabilities of a sample attributed to the Lazarus group leveraged to impair visibility of the malware’s operations. This blog will not rehash analysis of the Lazarus malware sample or Event Tracing for Windows (ETW) as […] |
Malware Medical | APT 38 | ★★★ |
|
2023-03-17 16:57:59 | Healthcare Firm ILS Alerts 4.2 Million People Of Data Breach (lien direct) | A data breach at Independent Living Systems (ILS), a Miami-based supplier of healthcare administration and managed care solutions, exposed 4,226,508 people’s data. This year’s largest revealed healthcare data breach, according to the number of affected individuals. ILS owns and manages Florida Community Care, a network of long-term care providers serving Medicaid beneficiaries throughout the state, […] | Data Breach Medical | ★★★ | |
|
2023-03-16 12:45:00 | Healthcare software firm ILS announces data breach affecting more than 4 million people (lien direct) |
The sensitive healthcare data of more than four million people was accessed by hackers who broke into the network of Independent Living Systems (ILS), a healthcare software company based in Miami. The company has provided third-party administrative services to health plans, providers, hospitals, and pharmaceutical and medical device companies for nearly two decades. ILS began |
Data Breach Medical | ★★ | |
 |
2023-03-14 19:57:32 | Cancer patient sues medical provider after ransomware group posts her photos online (lien direct) | >The suit comes about six weeks after the ransomware threatened to post sensitive material online if they weren't paid. | Ransomware Medical | ★★★ | |
|
2023-03-14 13:09:20 | 1 Million People Affected By Zoll Medical Data Breach (lien direct) | Zoll Medical, a medical technology developer, recently announced that it had suffered a data breach. The company said that the breach was detected at the end of January when it found some unusual activity on its internal network. After investigation, it found that the personal information of approximately one million individuals might have been compromised. […] | Data Breach Medical | ★★ | |
 |
2023-03-14 13:00:00 | CyberheistNews Vol 13 #11 [Heads Up] Employees Are Feeding Sensitive Biz Data to ChatGPT, Raising Security Fears (lien direct) |
CyberheistNews Vol 13 #11 | March 14th, 2023
[Heads Up] Employees Are Feeding Sensitive Biz Data to ChatGPT, Raising Security Fears
Robert Lemos at DARKReading just reported on a worrying trend. The title said it all, and the news is that more than 4% of employees have put sensitive corporate data into the large language model, raising concerns that its popularity may result in massive leaks of proprietary information. Yikes.
I'm giving you a short extract of the story and the link to the whole article is below.
"Employees are submitting sensitive business data and privacy-protected information to large language models (LLMs) such as ChatGPT, raising concerns that artificial intelligence (AI) services could be incorporating the data into their models, and that information could be retrieved at a later date if proper data security isn't in place for the service.
"In a recent report, data security service Cyberhaven detected and blocked requests to input data into ChatGPT from 4.2% of the 1.6 million workers at its client companies because of the risk of leaking confidential info, client data, source code, or regulated information to the LLM.
"In one case, an executive cut and pasted the firm's 2023 strategy document into ChatGPT and asked it to create a PowerPoint deck. In another case, a doctor input his patient's name and their medical condition and asked ChatGPT to craft a letter to the patient's insurance company.
"And as more employees use ChatGPT and other AI-based services as productivity tools, the risk will grow, says Howard Ting, CEO of Cyberhaven.
"'There was this big migration of data from on-prem to cloud, and the next big shift is going to be the migration of data into these generative apps," he says. "And how that plays out [remains to be seen] - I think, we're in pregame; we're not even in the first inning.'"
Your employees need to be stepped through new-school security awareness training so that they understand the risks of doing things like this.
Blog post with links:https://blog.knowbe4.com/employees-are-feeding-sensitive-biz-data-to-chatgpt-raising-security-fears
[New PhishER Feature] Immediately Add User-Reported Email Threats to Your M365 Blockl |
Ransomware Data Breach Spam Malware Threat Guideline Medical | ChatGPT ChatGPT | ★★ |
|
2023-03-14 12:01:00 | Medical device giant says cyberattack leaked sensitive data of 1 million people (lien direct) |
Medical device maker Zoll said a cyberattack in January exposed the sensitive information of more than 1 million people. In documents [provided](https://apps.web.maine.gov/online/aeviewer/ME/40/ab192c35-667d-4bc9-ad18-fa710bd10b15.shtml) to Maine's Attorney General, Zoll said the incident started on January 28 when they “detected unusual activity” on their internal network. The company added that information was accessed on February 2. Zoll said |
Medical | ★★★ | |
 |
2023-03-13 11:16:54 | Zoll Medical Data Breach Impacts 1 Million Individuals (lien direct) | >Zoll Medical is notifying one million individuals that their personal information was compromised in a data breach earlier this year. | Data Breach Medical | ★★ | |
|
2023-03-13 09:15:10 | CVE-2023-0888 (lien direct) | An improper neutralization of directives in dynamically evaluated code vulnerability in the WiFi Battery embedded web server in versions L90/U70 and L92/U92 can be used to gain administrative access to the WiFi communication module. An authenticated user, having access to both the medical device WiFi network (such as a biomedical engineering staff member) and the specific B.Braun Battery Pack SP with WiFi web server credentials, could get administrative (root) access on the infusion pump communication module. This could be used as a vector to start further attacks | Vulnerability Medical | ||
|
2023-03-08 16:04:00 | Lazarus Group Exploits Zero-Day Vulnerability to Hack South Korean Financial Entity (lien direct) | The North Korea-linked Lazarus Group has been observed weaponizing flaws in an undisclosed software to breach a financial business entity in South Korea twice within a span of a year. While the first attack in May 2022 entailed the use of a vulnerable version of a certificate software that's widely used by public institutions and universities, the re-infiltration in October 2022 involved the | Hack Vulnerability Medical | APT 38 | ★★★ |
 |
2023-03-07 16:30:00 | Anomali Cyber Watch: Mustang Panda Adopted MQTT Protocol, Redis Miner Optimization Risks Data Corruption, BlackLotus Bootkit Reintroduces Vulnerable UEFI Binaries (lien direct) | The various threat intelligence stories in this iteration of the Anomali Cyber Watch discuss the following topics: APT, Backdoors, Cryptojacking, Phishing, Ransomware, Secure boot bypass, and Vulnerabilities. The IOCs related to these stories are attached to Anomali Cyber Watch and can be used to check your logs for potential malicious activity.
Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed.
Trending Cyber News and Threat Intelligence
MQsTTang: Mustang Panda’s Latest Backdoor Treads New Ground with Qt and MQTT
(published: March 2, 2023)
In early 2023, China-sponsored group Mustang Panda began experimenting with a new custom backdoor dubbed MQsTTang. The backdoor received its name based on the attribution and the unique use of the MQTT command and control (C2) communication protocol that is typically used for communication between IoT devices and controllers. To establish this protocol, MQsTTang uses the open source QMQTT library based on the Qt framework. MQsTTang is delivered through spearphishing malicious link pointing at a RAR archive with a single malicious executable. MQsTTang was delivered to targets in Australia, Bulgaria, Taiwan, and likely some other countries in Asia and Europe.
Analyst Comment: Mustang Panda is likely exploring this communication protocol in an attempt to hide its C2 traffic. Defense-in-depth approach should be used to stop sophisticated threats that evolve and utilize various techniques of defense evasion. Sensitive government sector workers should be educated on spearphishing threats and be wary of executable files delivered in archives.
MITRE ATT&CK: [MITRE ATT&CK] T1583.003 - Acquire Infrastructure: Virtual Private Server | [MITRE ATT&CK] T1583.004 - Acquire Infrastructure: Server | [MITRE ATT&CK] T1587.001 - Develop Capabilities: Malware | [MITRE ATT&CK] T1588.002 - Obtain Capabilities: Tool | [MITRE ATT&CK] T1608.001 - Stage Capabilities: Upload Malware | [MITRE ATT&CK] T1608.002 - Stage Capabilities: Upload Tool | [MITRE ATT&CK] T1566.002 - Phishing: Spearphishing Link | [MITRE ATT&CK] T1106: Native API | [MITRE ATT&CK] T1204.002 - User Execution: Malicious File | [MITRE ATT&CK] T1547.001 - Boot or Logon Autostart Execution: Registry Run Keys / Startup Folder | [MITRE ATT&CK] T1036.004 - Masquerading: Masquerade Task Or Service | [MITRE ATT&CK] T1036.005 - Masquerading: Match Legitimate Name Or Location | [MITRE ATT&CK] T1480 - Execution Guardrails | [MITRE ATT&CK] T1622 - Debugger Evasion | |
Ransomware Malware Tool Vulnerability Threat Medical | ★ | |
 |
2023-03-06 23:30:00 | Lazarus Group Attack Case Using Vulnerability of Certificate Software Commonly Used by Public Institutions and Universities (lien direct) | Since two years ago (March 2021), the Lazarus group’s malware strains have been found in various Korean companies related to national defense, satellites, software, media press, etc. As such, ASEC (AhnLab Security Emergency Response Center) has been pursuing and analyzing the Lazarus threat group’s activities and related malware. The affected company in this case had been infiltrated by the Lazarus group in May 2022 and was re-infiltrated recently through the same software’s 0-Day vulnerability. During the infiltration in May 2022,... | Malware Vulnerability Threat Medical | APT 38 | ★★★ |
|
2023-03-02 07:15:08 | CVE-2023-1151 (lien direct) | A vulnerability was found in SourceCodester Electronic Medical Records System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file administrator.php of the component Cookie Handler. The manipulation of the argument userid leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-222163. | Vulnerability Guideline Medical | ||
|
2023-02-28 16:15:00 | Anomali Cyber Watch: Newly-Discovered WinorDLL64 Backdoor Has Code Similarities with Lazarus GhostSecret, Atharvan Backdoor Can Be Restricted to Communicate on Certain Days (lien direct) | The various threat intelligence stories in this iteration of the Anomali Cyber Watch discuss the following topics: APT, Backdoors, DLL sideloading, Infostealers, Phishing, Social engineering, and Tunneling. The IOCs related to these stories are attached to Anomali Cyber Watch and can be used to check your logs for potential malicious activity.
Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed.
Trending Cyber News and Threat Intelligence
WinorDLL64: A Backdoor From The Vast Lazarus Arsenal?
(published: February 23, 2023)
When the Wslink downloader (WinorLoaderDLL64.dll) was first discovered in 2021, it had no known payload and no known attribution. Now ESET researchers have discovered a Wslink payload dubbed WinorDLL64. This backdoor uses some of Wslink functions and the Wslink-established TCP connection encrypted with 256-bit AES-CBC cipher. WinorDLL64 has some code similarities with the GhostSecret malware used by North Korea-sponsored Lazarus Group.
Analyst Comment: Wslink and WinorDLL64 use a well-developed cryptographic protocol to protect the exchanged data. Innovating advanced persistent groups like Lazarus often come out with new versions of their custom malware. It makes it important for network defenders to leverage the knowledge of a wider security community by adding relevant premium feeds and leveraging the controls automation via Anomali Platform integrations.
MITRE ATT&CK: [MITRE ATT&CK] T1587.001 - Develop Capabilities: Malware | [MITRE ATT&CK] T1059.001: PowerShell | [MITRE ATT&CK] T1106: Native API | [MITRE ATT&CK] T1134.002 - Access Token Manipulation: Create Process With Token | [MITRE ATT&CK] T1070.004 - Indicator Removal on Host: File Deletion | [MITRE ATT&CK] T1087.001 - Account Discovery: Local Account | [MITRE ATT&CK] T1087.002 - Account Discovery: Domain Account | [MITRE ATT&CK] T1083 - File And Directory Discovery | [MITRE ATT&CK] T1135 - Network Share Discovery | [MITRE ATT&CK] T1057 - Process Discovery | [MITRE ATT&CK] T1012: Query Registry | [MITRE ATT&CK] Picus: The System Information Discovery Technique Explained - MITRE ATT&CK T1082 | [MITRE ATT&CK] T1614 - System Location Discovery | [MITRE ATT&CK] T1614.001 - System Location Discovery: System Language Discovery | [MITRE ATT&CK] T1016 - System Network Configuration Discovery | [MITRE ATT&CK] T1049 - System Network Connections Discovery | |
Ransomware Malware Tool Threat Medical Medical Cloud | APT 38 | ★ |
|
2023-02-27 12:42:51 | Danish hospitals hit by cyberattack from \'Anonymous Sudan\' (lien direct) |  The websites of nine hospitals in Denmark went offline on Sunday evening following distributed-denial-of-service (DDoS) attacks from a group calling itself Anonymous Sudan. Copenhagen's health authority said on Twitter that although the websites for the hospitals were down, medical care at the facilities was unaffected by the attacks. It later added the sites were back [… |
Medical | ★★ | |
|
2023-02-27 11:00:00 | Integrating Cybersecurity in UX design (lien direct) | The content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article. Image Source: Pexels Integrating Cybersecurity in UX design The digital landscape has ensured a wider range of businesses has access to a truly global marketplace. On one hand, this helps bolster a thriving entrepreneurial ecosystem. However, it also means there is a significant amount of competition. If your company’s website or mobile application doesn’t provide a stellar user experience (UX), consumers are able and willing to go elsewhere. Yet, in the online environment, UX is not your only consideration. There are various threats your business and consumers face from cyber criminals. Therefore, when developing your online tools, you need to adopt effective protections. Unfortunately, many businesses struggle with implementing strong security that doesn’t also disrupt the UX. Your best approach here is usually to integrate cybersecurity with UX design. So, let’s explore why and how you can achieve this. How are UX and Cybersecurity related? One of the mistakes too many businesses make is assuming that UX and cybersecurity are separate aspects of the digital infrastructure. They can certainly have independent intentions to an extent with different goals and actions to achieve these goals. Yet, understanding how they are closely related is the first step to effective integration. In some ways one can’t — or, at least, shouldn’t — exist without the other. A good example of this is the application of web design in high-stakes sectors, like telehealth care. There are two core types of telehealth services; asynchronous care and synchronous (live) care. While there is a difference here in how patients interact with the medical professional, both types involve the collection and storage of sensitive data. It’s certainly important from a UX perspective to make both asynchronous and live processes as simple and convenient as possible for patients. Yet, this simplicity shouldn’t sacrifice the security of the data. Clear and strong security protocols give consumers confidence in the system and the company they’re interacting with. This applies to not just healthcare industries but also eCommerce, education, and supply chain sectors, among others. Similarly, consumers may be more likely to adopt more secure behaviors if they can see how it feeds into the convenience and enjoyment of their experience. This means that the UX development process must involve security considerations from the ground up, rather than as an afterthought. How can you plan effectively? As with any project, planning is essential to the successful integration of cybersecurity and UX design. An improvisatory approach that involves tacking security or UX elements onto your site or app doesn’t result in a strong development. Wherever possible, your best route is to bring both the UX departments and cybersecurity professionals together in the planning process from the outset. Each department will have insights into one another’s challenges that benefit the project as a whole. Another key part of your planning process is researching and analyzing your users’ behavior concerning the types of online tools you’re developing. Work with business analytics professionals to understand in what ways security factors into your target demographic’s preferred online experiences. | Tool Medical | ★★ | |
|
2023-02-24 09:15:10 | CVE-2023-1006 (lien direct) | A vulnerability was found in SourceCodester Medical Certificate Generator App 1.0. It has been classified as problematic. This affects an unknown part of the component New Record Handler. The manipulation of the argument lastname with the input ">prompt(1) leads to cross site scripting. It is possible to initiate the attack remotely. The associated identifier of this vulnerability is VDB-221739. | Vulnerability Guideline Medical | ||
|
2023-02-23 22:33:00 | Student Medical Records Exposed After LAUSD Breach (lien direct) | "Hundreds" of special education students' psych records have turned up on the Dark Web. School records like these are covered by FERPA, not HIPAA, so parents have little recourse. | Medical | ★★ |
To see everything:
Our RSS (filtrered)
