SEC News

What's new arround internet

Last one

Src	Date (GMT)	Titre	Description	Tags	Stories	Notes
	2023-12-07 22:36:00	Patients d'imagerie médicale exposés dans un cyber-incident Medical Imaging Patients Exposed in Cyber Incident (lien direct)	Les acteurs non autorisés ont accédé aux informations des patients, y compris les détails des examens et de la procédure, des analyses et des numéros de sécurité sociale. Unauthorized actors accessed patient information, including exam and procedure details, scans, and Social Security numbers.	Medical		★★
	2023-12-07 21:15:00	HHS propose de nouvelles exigences de cybersécurité pour les hôpitaux via HIPAA, Medicaid et Medicare HHS proposes new cybersecurity requirements for hospitals through HIPAA, Medicaid and Medicare (lien direct)	Le ministère américain de la Santé et des Services sociaux (HHS) a déclaré qu'il prévoyait de prendre une gamme d'actions dans le but de mieux aborder les cyberattaques sur les hôpitaux, qui ont causé des dizaines de pannes à travers le pays ces derniers mois.D'abord rapporté par politico, HHS a publié un	Medical		★★
	2023-12-05 18:45:00	Les pirates prétendent violer les données médicales des forces de défense israéliennes Hackers Claim to Breach Israeli Defense Force Medical Data (lien direct)	L'équipe de Malek, qui a précédemment frappé un collège privé en Israël, revendique la responsabilité d'un piratage du Ziv Medical Center d'Israël. The Malek Team, which previously hit a private college in Israel, claims responsibility for a hack of Israel\'s Ziv Medical Center.	Hack Medical		★★
	2023-12-05 02:56:29	Regardez rapidement le nouveau guide d'atténuation des soins de santé CISA Quick Look at the New CISA Healthcare Mitigation Guide (lien direct)	C'est les petites vignes, pas les grandes branches, qui nous font trébucher dans la forêt.Apparemment, ce n'est pas différent dans les soins de santé.En novembre, l'Agence américaine de sécurité de la cybersécurité et de l'infrastructure (CISA) a publié un guide d'atténuation destiné au secteur de la santé et de la santé publique (HPH).Au milieu des défis actuels de la sécurité du cloud hybride, des considérations environnementales hyper-distribuées, un paysage de menaces alimentaires et alimentés par AI et des menaces émergentes immédiates, ce que le tout nouveau guide était, étonnamment, sur les petites choses.Ou, peut-être, pas si surprenant après tout.Atténuation... It\'s the small vines, not the large branches, that trip us up in the forest. Apparently, it\'s no different in Healthcare . In November, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) released a Mitigation Guide aimed at the Healthcare and Public Health (HPH) sector. In the midst of current hybrid cloud security challenges, hyper-distributed environment considerations, an AI-empowered threat landscape, and immediate nation-state emerging threats, the focus of this brand-new guide was, surprisingly, on the little things. Or, perhaps, not so surprisingly after all. Mitigation...	Threat Medical Cloud		★★★
	2023-12-04 20:00:00	Des pirates liés à l'Iran prétendent avoir divulgué des troves de documents de l'hôpital israélien Iran-linked hackers claim to leak troves of documents from Israeli hospital (lien direct)	Un groupe de pirates aurait lié l'Iran a affirmé avoir divulgué des milliers de dossiers médicaux d'un hôpital israélien, y compris ceux de soldats israéliens.Dans une cyberattaque sur Ziv Medical Center dans la ville de Safed, près de la frontière avec la Syrie et le Liban, les pirates affirmé de données datant de A hacker group allegedly linked to Iran claimed to have leaked thousands of medical records from an Israeli hospital, including those of Israeli soldiers. In a cyberattack on Ziv Medical Center in the city of Safed, near the border with Syria and Lebanon, the hackers claimed to have accessed 500GB of data dating back to	Medical		★★★
	2023-12-04 11:49:08	Applications de santé mentale: peuvent-ils faire confiance? Mental Health Apps: Can They Be Trusted? (lien direct)	In the past few years, mental health apps have witnessed massive growth thanks to their potential to fix a multitude of mental health-related problems. That said, they are not the best when it comes to managing and securing highly sensitive personal data. Mental health apps with millions of downloads have been found guilty of selling, misusing, and leaking sensitive data of their users. In this article, we have shared everything you need to know about the countless privacy concerns associated with mental health apps. Let’s see if you can trust any mainstream mental health app or if they are all the same. What Are Mental Health Apps? The name says it all, mental health apps offer tools, activities, and support to help cure serious problems like anxiety, depression, ADHD, Bipolar Disorder, substance abuse, and many more. While mental health apps can’t replace an actual doctor, they have been found to be quite effective in multiple instances. On the surface, mental health apps seem to be quite useful for the well-being of users, but you will be surprised to know that the research from Private Internet Access revealed that many mainstream apps fail to protect the privacy and security of their users. Let’s get into details and discuss all of the problems associated with mental health apps and see how they have become the biggest data-harvesting machines. Are Mental Health Apps Spying on You? Unlike other mainstream apps, mental health apps require substantially more information about their users for the app to function properly.	Data Breach Tool Threat Medical		★★★
	2023-12-04 07:33:08	La part de marché de Cybellum \\ surgit parmi les 20 principaux fabricants de l'industrie des dispositifs médicaux Cybellum\\'s market share surges among top 20 medical device industry manufacturers (lien direct)	Cybellum a annoncé avoir augmenté sa part de marché parmi les principaux fabricants de dispositifs médicaux (MDMS).Travailler avec les entreprises ... Cybellum announced that it has increased its market share amongst leading medical device manufacturers (MDMs). Working with companies...	Medical		★★
	2023-12-03 09:51:23	Détecté: vente présumée du ministère saoudien des données de la santé Detected: Alleged sale of Saudi Ministry of Health data (lien direct)	Catégorie: Contenu de la violation de données: Jenage Actor prétend avoir obtenu environ 27 Go de données de Prince Sultan Military Medical City (PSMMC) anciennement connues sous le nom d'hôpital militaire de Riyad qui est situé dans la ville de Riyad et qui les vend sur un forum de cybercriminalité.Source: OpenWeb Source Link: https://breachforums.is/thread-saudi-arabia-psmmc-med-sa menace acteur: BPP victimologie Pays: industrie de l'Arabie saoudite [& # 8230;] Category: Data Breach Content: Threat actor claims to have obtained about 27 GB of Prince Sultan Military Medical City (PSMMC) data formerly known as Riyadh Military Hospital that is located in Riyadh City and is selling it on a cybercrime forum. Source: openweb Source Link: https://breachforums.is/Thread-Saudi-Arabia-psmmc-med-sa Threat Actor: Bpp Victimology Country : Saudi Arabia Industry […]	Data Breach Threat Medical		★
	2023-11-29 22:00:00	Hôpitaux du New Jersey, Pennsylvanie touchés par les cyberattaques New Jersey, Pennsylvania hospitals affected by cyberattacks (lien direct)	Les hôpitaux du New Jersey et de la Pennsylvanie traitent les ramifications des cyberattaques cette semaine après plusieurs incidents similaires qui ont eu lieu pendant les vacances de Thanksgiving.Cette semaine, Capital Health a déclaré qu'il subissait des pannes de réseau en raison d'un incident de cybersécurité.L'entreprise gère deux hôpitaux - Centre médical régional à Trenton et Capital Health Hospitals in New Jersey and Pennsylvania are dealing with the ramifications of cyberattacks this week following several similar incidents that took place during the Thanksgiving holiday. This week, Capital Health said it is experiencing network outages because of a cybersecurity incident. The company runs two hospitals - Regional Medical Center in Trenton and Capital Health	Medical		★★
	2023-11-28 20:45:00	Le fabricant de soins de santé Henry Schein s'attend à ce que la plate-forme est restaurée cette semaine après la cyberattaque Healthcare manufacturer Henry Schein expects platform restored this week after cyberattack (lien direct)	Aux États-Unis, l'un des plus grands distributeurs de produits de santé aux États-Unis a restauré certains de ses systèmes après plus d'un mois de perturbations liées à plusieurs cyberattaques.Henry Schein, qui a rapporté plus de 12,5 milliards de dollars de ventes l'année dernière et compte plus d'un million de clients dans le monde, a dit lundi qu'il a One of the largest distributors of healthcare products in the U.S. has restored some of its systems this week after more than a month of disruptions related to multiple cyberattacks. Henry Schein, which reported more than $12.5 billion in sales last year and has more than one million customers worldwide, said on Monday it has	Medical Medical		★★
	2023-11-28 09:53:13	Les hôpitaux ardents détournent les patients après une attaque de ransomware Ardent Hospitals Diverting Patients Following Ransomware Attack (lien direct)	> L'attaque de ransomware oblige les hôpitaux ardents à fermer les systèmes, un impact sur les opérations cliniques et financières. >Ransomware attack forces Ardent hospitals to shut down systems, impacting clinical and financial operations.	Ransomware Medical		★★
	2023-11-27 21:35:00	Les hôpitaux de santé ardents perturbés après une attaque de ransomware Ardent Health Hospitals Disrupted After Ransomware Attack (lien direct)	Plus de deux douzaines d'hôpitaux ont été touchés par la violation et détournent les soins d'urgence pour les patients dans d'autres établissements de santé. More than two dozen hospitals have been impacted by the breach and are diverting emergency care for patients to other healthcare facilities.	Ransomware Medical		★★★
	2023-11-27 18:34:00	Plusieurs hôpitaux détournent les ambulances après une attaque de ransomware contre la société mère Multiple hospitals divert ambulances after ransomware attack on parent company (lien direct)	Les hôpitaux de plusieurs États sont confrontés à des problèmes en raison d'une attaque de ransomware contre la société mère Ardent Health Services, qui a confirmé lundi après-midi qu'il répondait à un incident.Ardent, basé à Nashville, gère 37 établissements de santé aux États-Unis depuis Thanksgiving, plusieurs médias locaux ont rapporté que les hôpitaux de leur région sont Hospitals in several states are facing issues due to a ransomware attack on parent company Ardent Health Services, which confirmed on Monday afternoon that it was responding to an incident. Ardent, based in Nashville, runs 37 healthcare facilities across the U.S. Since Thanksgiving, multiple local news outlets have reported that hospitals in their area are	Ransomware Medical		★★★
	2023-11-26 22:00:00	Ardent Health Hospitals Disrupted After Ransomware Attack (lien direct)	Plus de deux douzaines d'hôpitaux ont été touchés par la violation et détournent les soins d'urgence pour les patients dans d'autres établissements de santé. More than two dozen hospitals have been impacted by the breach and are diverting emergency care for patients to other healthcare facilities.	Ransomware Medical		★★★
	2023-11-21 19:37:00	Intérieur Job: Cyber Exec admet aux hacks hospitaliers Inside Job: Cyber Exec Admits to Hospital Hacks (lien direct)	Le directeur des services de santé de Healthcare Vikas Singla admet avoir caché les opérations de l'hôpital, puis en utilisant les incidents pour essayer de gin up supplémentaire. Healthcare cyber services executive Vikas Singla admits to hobbling hospital operations, then using the incidents to try and gin up extra business.	Medical		★★★
	2023-11-20 23:00:00	Ce que les chefs de santé de la cybersécurité devraient connaître les directives de la section 524b de la FDA \\ What Healthcare Cybersecurity Leaders Should Know About the FDA\\'s Section 524B Guidelines (lien direct)	Les nouvelles réglementations de cybersécurité de la FDA décrivent les étapes spécifiques que les sociétés de dispositifs médicales doivent prendre pour appliquer leurs appareils pour le marché. New cybersecurity regulations from the FDA outline specific steps that medical device companies must take in order to get their devices approved for market.	Medical Medical		★★★
	2023-11-20 18:57:25	Hacker divulgue les dossiers de vaccination de plus de 2 millions de citoyens turcs Hacker Leaks Vaccination Records of Over 2 Million Turkish Citizens (lien direct)	> Par waqas La base de données a été divulguée en septembre 2023;Cependant, il est toujours accessible aux personnes ayant un accès au forum. Ceci est un article de HackRead.com Lire le post original: Les hackers divulguent les dossiers de vaccination de plus de 2 millions de citoyens turcs >By Waqas The database was leaked in September 2023; however, it is still accessible to individuals with forum access. This is a post from HackRead.com Read the original post: Hacker Leaks Vaccination Records of Over 2 Million Turkish Citizens	Data Breach Medical		★★★
	2023-11-20 18:30:00	Près de 9 millions de patients \\ 'Records compromis en violation de données Nearly 9 million patients\\' records compromised in data breach (lien direct)	Une cyberattaque dans une entreprise de transcription médicale a compromis les données de santé très sensibles appartenant à près de quatre millions de patients chez Northwell Health, le plus grand fournisseur de soins de santé de Northwell Santé de New York.La brèche a également eu un impact sur un système de santé dans l'Illinois, Cook County Health, qui a révélé que 1,2 million de ses patients ont été touchés .Environ quatre millions A cyberattack on a medical transcription company compromised highly sensitive health data belonging to nearly four million patients at Northwell Health, New York State\'s largest healthcare provider and private employer. The breach also impacted a healthcare system in Illinois, Cook County Health, which disclosed that 1.2 million of its patients were affected. About four million	Data Breach Medical		★★
	2023-11-20 14:52:02	CISA publie des conseils de cybersécurité pour les soins de santé, les organisations de santé publique CISA Releases Cybersecurity Guidance for Healthcare, Public Health Organizations (lien direct)	> Nouveaux orientations CISA détaille les cyber-menaces et les risques pour les organisations de santé et de santé publique et recommande des atténuations. >New CISA guidance details cyber threats and risks to healthcare and public health organizations and recommends mitigations.	Medical		★★★
	2023-11-16 23:00:00	Sécurité du secteur de la santé : sensibilisation, deploiement d\'outils et coopération sont un must (lien direct)	Lors de Cloud & Cyber Security Expo à Paris une conférence sur les Cyberattaques dans le domaine de la santé était animée par Valentin Jangwa, de Global Security Mag, qui sera le avec autour de lui Quentin Le Thiec, Expert cybersécurité, ANS - CERT Santé, Rémi Tilly, Directeur du département Sécurité des Systèmes d'Information, SESAN et Cedric Voisin, Group CIO and CISO, Doctolib - Investigations / affiche	Medical Cloud		★★★
	2023-11-15 15:13:33	Guide CNIL : gérer les durées de conservation des données dans le médico-social (lien direct)	La CNIL propose un nouveau référentiel concernant le secteur social et médico-social. Mission, aider à gérer les durées de conservation des données....	Medical		★★
	2023-11-15 15:07:18	Guide CNIL : durées de conservation des données dans le secteur social et médico-social (lien direct)	Dans le domaine complexe et crucial des secteurs social et médico-social, la gestion des données est une préoccupation majeure. Pour aider les acteurs de ces secteurs à naviguer efficacement dans ce paysage, un nouveau référentiel a été élaboré par la CNIL. Son objectif ? Guider de manière opérationnelle les acteurs dans l’identification et la détermination … Continue reading Guide CNIL : durées de conservation des données dans le secteur social et médico-social	Medical		★★
	2023-11-10 18:05:00	La norme médicale DICOM en fuite expose des millions de dossiers de patients Leaky DICOM Medical Standard Exposes Millions of Patient Records (lien direct)	Un protocole de 30 ans et rarement mis à jour pour les dispositifs médicaux a exposé des rames de données très personnelles, grâce à un manque de sécurité appropriée dans les environnements du propriétaire. A 30-year-old, rarely updated protocol for medical devices has exposed reams of highly personal data, thanks to a lack of proper security throughout owner environments.	Vulnerability Medical		★★★
	2023-11-09 15:33:43	La société médicale a condamné à une amende de 450 000 $ par New York AG pour une violation de données Medical Company Fined $450,000 by New York AG Over Data Breach (lien direct)	> Une société médicale a été condamnée à une amende de 450 000 $ par le New York AG pour une violation de données qui pourrait avoir impliqué l'exploitation d'une vulnérabilité de Sonicwall. >A medical company has been fined $450,000 by the New York AG over a data breach that may have involved exploitation of a SonicWall vulnerability.	Data Breach Vulnerability Legislation Medical		★★
	2023-11-02 15:55:35	Okta dit à 5 000 de ses propres employés que leurs données ont été accessibles en violation tierce Okta tells 5,000 of its own staff that their data was accessed in third-party breach (lien direct)	Les succès continuent de venir pour la gestion des identifiants en difficulté Biz Okta a envoyé des notifications de violation à près de 5 000 employés, les avertissant que des mécréants ont violé l'un de ses fournisseurs tiers et volé un dossier contenant des noms de personnel, Numéros de sécurité sociale, et numéros de régime d'assurance santé ou médicale… The hits keep on coming for troubled ID management biz Okta has sent out breach notifications to almost 5,000 employees, warning them that miscreants breached one of its third-party vendors and stole a file containing staff names, social security numbers, and health or medical insurance plan numbers.…	Medical		★★
	2023-11-01 22:59:48	Ransomware Crooks Sim Swap Medical Research Biz Exec, menacer de divulguer des données volées Ransomware crooks SIM swap medical research biz exec, threaten to leak stolen data (lien direct)	Advarra sondes les affirmations d'intrusion, dit que \\ 'l'affaire est contenue \' Les escrocs ransomwares affirment qu'ils ont volé des données à une entreprise qui aide d'autres organisationsLes dirigeants avaient leur numéro de téléphone portable et les comptes détournés… Advarra probes intrusion claims, says \'the matter is contained\' Ransomware crooks claim they\'ve stolen data from a firm that helps other organizations run medical trials after one of its executives had their cellphone number and accounts hijacked.…	Ransomware Medical		★★
	2023-11-01 19:00:00	La société médicale atteint un règlement de 100 000 $ avec HHS sur l'attaque des ransomwares 2017 Medical firm reaches $100,000 settlement with HHS over 2017 ransomware attack (lien direct)	Une société de gestion médicale basée au Massachusetts a accepté un règlement de 100 000 $ avec le ministère américain de la Santé et des Services sociaux à la suite d'une attaque de ransomware de 2017.L'entreprise, Doctors \\ 'Management Services - qui fournit des services de facturation médicale et d'accréditation des payeurs - a été attaqué par le gang gandcrab ransomware aujourd'hui disparu En avril 2017, mais l'intrusion était A Massachusetts-based medical management company has agreed to a $100,000 settlement with the U.S. Department of Health and Human Services following a 2017 ransomware attack. The company, Doctors\' Management Services - which provides medical billing and payer credentialing services - was attacked by the now-defunct GandCrab ransomware gang in April 2017, but the intrusion was	Ransomware Medical		★★
	2023-10-30 10:00:00	Soins de santé & # 8211;Naviguer sur votre chemin vers le bien-être du bien-être Healthcare – Navigating your path to cyber wellness (lien direct)	The healthcare industry is progressing towards a more mature cybersecurity posture. However, given it remains a popular attack target, more attention is needed. Results from The Cost of a Data Breach Report 2023 reported that healthcare has had the highest industry cost of breach for 13 consecutive years, to the tune of $10.93M. In 2022, the top 35 global security breaches exposed 1.2 billion records, and 34% of those attacks hit the public sector and healthcare organizations. Regulators have responded by requiring more guidance to the healthcare industry. The Cybersecurity Act of 2015 (CSA), Section 405(d), Aligning Health Care Industry Security Approaches, is the government’s response to increase collaboration on healthcare industry security practices. Lead by HHS, the 405(d) Program\'s mission is to provide resources and tools to educate, drive behavioral change, and provide cybersecurity best practices to strengthen the industry\'s cybersecurity posture. Additionally, Section 13412 of the HITECH Act was amended in January 2022 that requires that HHS take "Recognized Security Practices" into account in specific HIPAA Security Rule enforcement and audit activities when a HIPAA-regulated entity is able to demonstrate Recognized Security Practices have been in place continuously for the 12 months prior to a security incident. This voluntary program is not a safe harbor, but could help mitigate fines and agreement remedies and reduce the time and extent for audits. The Recognized Security Practices Recognized Security Practices are standards, guidelines, best practices, methodologies, procedures, and processes developed under: The National Institute of Standards and Technology (NIST) Cybersecurity Framework Section 405(d) of the Cybersecurity Act of 2015, or Other programs that address cybersecurity that are explicitly recognized by statute or regulation It is apparent that healthcare organizations are being guided and even incentivized to follow a programmatic approach to cybersecurity and adopt a recognized framework. How can a cybersecurity framework help? By creating a common language: Adopting a cybersecurity framework and developing a strategy to implement it allows key stakeholders to start speaking a common language to address and manage cybersecurity risks. The strategy will align business, IT, and security objectives. The framework is leveraged as a mechanism in which to implement the cybersecurity strategy across the organization, which will be monitored, progress and budget reported upon to senior leaders and the board, communication, and synergies with control owners and staff. Individual users and senior executives will start to speak a common cybersecurity language, which is the first step to creating a cyber risk-aware culture. By sustaining compliance: Adherence to a cybersecurity framework ensures that healthcare organizations comply with relevant regulations and industry standards, such as HIPAA. Compliance can help organizations avoid legal penalties, financial losses, and reputational damage. By improving cybersecurity risk management practices: The core of implementing cybersecurity risk management is understanding the most valuable assets to the organization so that appropriate safeguards can be implemented based upon the threats. A key challenge to the healthcare industry\'s cybersecurity posture is knowing what data needs to be protected and where that data is. Accepted frameworks are built on sound risk management principles. By increasing resilience: Cyberattacks can disrupt critical he	Data Breach Tool Threat Medical		★★
	2023-10-24 13:44:15	La mise à jour des conseils de cybersécurité de la FDA est-elle suffisante pour contrer de nouvelles menaces? Is the FDA Cybersecurity Guidance Update Enough to Counter New Threats? (lien direct)	Reconnaissant l'urgence de lutter contre les nouvelles cybermenaces sur les dispositifs médicaux et de soins de santé, la Food and Drug Administration des États-Unis (FDA) a publié un document d'orientation intitulé «Cybersecurity in Medical Devices: Quality System Considérations et contenu des soumissions de pré-market».Ce document remplace le «contenu des soumissions de pré-commercialisation pour la gestion de la cybersécurité dans les dispositifs médicaux», qui était [& hellip;] Acknowledging the urgency of addressing new cyber threats on medical and healthcare devices, the US Food and Drug Administration (FDA) issued a guidance document entitled “Cybersecurity in Medical Devices: Quality System Considerations and Content of Premarket Submissions.” This document supersedes the “Content of Premarket Submissions for Management of Cybersecurity in Medical Devices” guidance, which was […]	Medical		★★
	2023-10-23 14:30:00	New York Health Network restaure les services après une cyberattaque paralysante New York health network restores services after crippling cyberattack (lien direct)	Un réseau hospitalier à New York a pu restaurer ses systèmes en ligne samedi après une semaine de problèmes causés par une cyberattaque.Westchester Medical Center Health Network libéré Une déclaration le 16 octobre,AVERTISSEMENT que l'hôpital Healthalliance, l'hôpital Margaretville et le centre de soins résidentiels à flanc de montagne «connaissaient une menace potentielle de cybersécurité et un informatique A hospital network in New York was able to restore its online systems on Saturday after a week of issues caused by a cyberattack. Westchester Medical Center Health Network released a statement on October 16, warning that HealthAlliance Hospital, Margaretville Hospital and Mountainside Residential Care Center were “experiencing a potential cybersecurity threat and an IT	Threat Medical		★★
	2023-10-18 20:40:00	FBI: Les pirates extorquent les fournisseurs de chirurgie plastique, les patients FBI: Hackers Are Extorting Plastic Surgery Providers, Patients (lien direct)	La nature sensible des dossiers médicaux, combinée avec les fournisseurs \\ 'se concentrer sur les soins aux patients, fait des offres idéales de petit médecin pour la cyberintimidation. The sensitive nature of medical records, combined with providers\' focus on patient care, make small doctor\'s offices ideal targets for cyber extortion.	Medical		★
	2023-10-18 09:10:00	FBI: Les pirates extorquent les patients en chirurgie plastique FBI: Hackers Are Extorting Plastic Surgery Patients (lien direct)	Les cybercriminels récoltent les données médicales sensibles des bureaux de chirurgie plastique comme effet de levier pour les exigences d'extorsion Cybercriminals are harvesting sensitive medical data from plastic surgery offices as leverage for extortion demands	Medical		★★
	2023-10-18 09:01:33	Les chirurgies plastiques ont averti par le FBI qu'elles sont ciblées par les cybercriminels Plastic surgeries warned by the FBI that they are being targeted by cybercriminals (lien direct)	Les chirurgies plastiques aux États-Unis ont été émises à ce qu'elles soient ciblées par les cybercriminels dans des parcelles conçues pour voler des données sensibles, y compris les patients et les photographies médicales et les photographies qui seront utilisées plus tard pour l'extorsion.L'avertissement, qui a été émis par le FBI hier et qui s'adresse aux bureaux de la chirurgie plastique et aux patients, conseille que les extorqueurs aient utilisé une approche à plusieurs étapes pour maximiser leurs bénéfices criminels.La première étape implique la récolte de données.Cela voit des pirates malveillants infiltrer les réseaux de bureaux de chirurgie plastique à exfiltrat ... Plastic surgeries across the United States have been issued a warning that they are being targeted by cybercriminals in plots designed to steal sensitive data including patients\' medical records and photographs that will be later used for extortion. The warning , which was issued by the FBI yesterday and is directed towards plastic surgery offices and patients, advises that extortionists have been using a multi-stage approach to maximise their criminal profits. Stage one involves data harvesting. This sees malicious hackers infiltrate the networks of plastic surgery offices to exfiltrate...	Medical		★★
	2023-10-17 00:32:00	5 façons dont les hôpitaux peuvent aider à améliorer leur sécurité IoT 5 Ways Hospitals Can Help Improve Their IoT Security (lien direct)	La conformité HIPAA ne correspond pas à la sécurité, comme le montrent les attaques continues contre les organisations de santé.Les dispositifs médicaux doivent être sécurisés. HIPAA compliance does not equal security, as continuing attacks on healthcare organizations show. Medical devices need to be secured.	Guideline Medical		★★★
	2023-10-16 13:00:00	Les coûts de violation des soins de santé montent en flèche nécessitant une nouvelle réflexion pour la sauvegarde des données Healthcare breach costs soar requiring new thinking for safeguarding data (lien direct)	> À l'ère numérique, les données sont souvent appelées la nouvelle huile.Sa valeur réside dans les idées qu'elle peut céder, en particulier en ce qui concerne les soins de santé, où les données peuvent aider à détecter les maladies, à prédire les résultats des patients et à aider les professionnels de la santé à personnaliser les traitements.Mais avec la numérisation croissante des informations de santé sensibles, il existe des [& # 8230;] légitimes [& # 8230;] >In the digital age, data is often referred to as the new oil. Its value lies in the insights it can yield, particularly when it comes to healthcare, where data can help detect diseases, predict patient outcomes and help health professionals personalize treatments. But with the increasing digitization of sensitive health information, there are legitimate […]	Prediction Medical		★★★
	2023-10-16 11:30:00	Le secteur des soins de santé a mis en garde contre le nouveau groupe de ransomwares Noescape Healthcare Sector Warned About New Ransomware Group NoEscape (lien direct)	Le gouvernement américain a souligné les opérations du groupe Noescape, qui serait un changement de marque de l'acteur de menace russe Avaddon The US government highlighted the operations of the NoEscape group, which is believed to be a rebrand of Russian threat actor Avaddon	Ransomware Threat Medical		★★
	2023-10-11 15:55:50	Chaîne d'approvisionnement, les compromis dans les nuages s'inquiètent dans les soins de santé Supply Chain, Cloud Compromise Worries Growing in Healthcare (lien direct)	Le gouvernement américain a souligné les opérations du groupe Noescape, qui serait un changement de marque de l'acteur de menace russe Avaddon The US government highlighted the operations of the NoEscape group, which is believed to be a rebrand of Russian threat actor Avaddon	Medical Cloud		★★★
	2023-10-11 15:50:06	88% des hôpitaux et autres organisations de soins de santé ont été confrontés à des cyberattaques l'année dernière 88% of Hospitals and Other Health Care Organizations Faced Cyberattacks Last Year (lien direct)	Le gouvernement américain a souligné les opérations du groupe Noescape, qui serait un changement de marque de l'acteur de menace russe Avaddon The US government highlighted the operations of the NoEscape group, which is believed to be a rebrand of Russian threat actor Avaddon	Medical		★★★
	2023-10-11 10:00:00	Le rôle de 5G \\ dans la télémédecine: l'avenir est maintenant 5G\\'s role in telemedicine: The future is now (lien direct)	The content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article. Healthcare and technology have always gone hand in hand. Telemedicine, which lets you talk to doctors without visiting them in person, is a great example. A few years back, it might have sounded like science fiction. But today, it\'s a regular part of many people\'s lives. In fact, data shows that 80% of people have used telemedical services at least once in their lives. And now 5G is making the process even more efficient. Most of us know 5G as just a faster way to use the internet on our phones. But for healthcare, it\'s a lifesaver. With 5G, doctors can diagnose patients in real-time, no matter how far apart they are. It could even make remote surgeries a reality. And the best part? 5G can help everyone, not just people in big cities. It has the power to bring top-notch healthcare to places that were left out before. As we move forward, it\'s exciting to think about how 5G will change healthcare for all of us. Continue reading to find out more. How 5G is changing telemedicine Before 5G, telemedicine was already useful, but it had its limits. Sometimes, the internet connection might be slow, making video calls blurry or delayed. This could be a problem, especially in critical situations where every second counts. But with 5G, things are changing. Here\'s how: Faster video calls. With 5G, video calls between patients and doctors can be crystal clear and smooth. This means better communication and understanding, which is vital in healthcare. Real-time data. Doctors can now get real-time data about a patient\'s health. For example, if a patient wears a heart monitor, the doctor can see the results instantly with 5G. This helps in making quick decisions. Remote surgeries. This might sound like it’s out of a Star Trek episode, but it\'s becoming a reality. With 5G\'s speed, a surgeon in one city could guide surgery in another city. This can be a game-changer, especially in places where there aren\'t many specialists. Reaching more people. With 5G, even people in remote areas can access telemedicine. This means they can get the medical help they need without traveling long distances. How 5G helps with remote patient monitoring Remote patient monitoring is like having a mini-doctor\'s office in your home. It\'s a way for doctors to keep an eye on your health without you having to visit them in person. Here\'s how it works and why it\'s making a big difference: Tools and devices These aren\'t just ordinary gadgets. Devices like heart rate monitors, blood pressure cuffs, and even glucose meters have been upgraded for the digital age. When you use them at home, they don\'t just give readings; they send this data over the internet straight to your doctor\'s system for remote patient monitoring. This means your doctor gets a clear, real-time picture of your health without you having to jot down or remember numbers. Less visits, same care The traditional model of healthcare often meant waiting in a clinic, even for minor check-ups. With remote monitoring, many of these visits are no longer necessary. You can go about your day, and the devices will do the work. The elderly stand to benefit the most from this, as well as those with mobili	Studies Medical		★★★
	2023-10-10 17:00:00	Le nouveau rapport Ponemon montre que les organisations de soins de santé font peu de progrès dans la protection des patients contre les dommages des cyberattaques New Ponemon Report Shows Healthcare Organizations Are Making Little Progress in Protecting Patients from the Harms of Cyber Attacks (lien direct)	The healthcare sector is finally acknowledging that cyber attacks affect more than just the financial bottom line. Providers are starting to understand that a weak cybersecurity posture puts patients\' safety and well-being at risk-and may endanger lives. Despite this growing understanding, however, little progress has been made in the past year to improve organizational security. The Ponemon Institute\'s second annual Cyber Insecurity in Healthcare: The Cost and Impact on Patient Safety and Care 2023 report, commissioned by Proofpoint, shows that healthcare businesses have made no strides in protecting patients from the physical harm of cyber attacks. The survey found that 88% of healthcare companies experienced an average of 40 attacks in the past 12 months. Among the 653 healthcare and IT security practitioners surveyed: 66% said cyber attacks targeting their business disrupted patient care 50% experienced an increase in complications from medical procedures 23% saw an increase in mortality rates These numbers are similar to last year\'s report and confirm what\'s already well-known in the industry: Change is slow in healthcare, especially when it comes to IT investments. The devastating impacts of various attacks on patient safety The most common types of attacks examined in the Ponemon report are: Cloud compromise Ransomware Supply chain Business email compromise (BEC) We learned that supply chain attacks are the most likely to disrupt patient care (77%, up from 70% in 2022). However, when it comes to specific repercussions, BEC leads in three of five categories. This is the type of attack most likely to cause poor outcomes due to: Delays in tests and procedures (71%) An increase in complications from medical procedures (56%) A longer length of stay (55%) What may surprise healthcare leaders and clinicians is the impact of data loss or exfiltration. When protected health information (PHI) is compromised, most think in terms of the impact to patient privacy. However, the report shows that the implications are far more dangerous. Forty-three percent of survey participants said a data loss or exfiltration incident affected patient care. Of those that experienced this impact, 46% saw an increase in mortality rates, and 38% noted an increase in medical procedure complications. Cloud risk on the rise as adoption grows The healthcare sector has lagged behind most other industries in cloud adoption. It took a global pandemic to shake things up: Sixty-two percent of surveyed physicians said the pandemic forced them to make upgrades to technology that would have taken years to accomplish otherwise. But with the broad adoption of cloud apps, care providers are more vulnerable to cloud threats. ECRI (an independent authority on healthcare technology and safety) ranked care disruption due to the failure to manage cyber risk of cloud-based clinical systems as one of the top 10 healthcare technology hazards for 2023. Given the high rate of adoption, it\'s not surprising the Ponemon report found that cloud compromise is now the top concern for healthcare companies. Cloud compromise rose to first place this year from fifth last year-with 63% of respondents expressing this concern, compared with 57% in 2022. Likewise, healthcare businesses are feeling the most vulnerable to a cloud compromise than other types of attacks, with 74% of respondents in agreement. Ransomware remains ever-present, despite decreased concerns One surprising finding from the survey is the significant decrease in concerns about ransomware attacks. Although 54% of respondents reported that their business had experienced a ransomware attack (up from 41% in 2022), they\'re the least worried about this type of threat. Only 48% of those surveyed said ransomware was a concern-a big decline from last year\'s 60%. Based on recent events, we know that the impacts of ransomware incidents are getting worse. In August, for example, a ransomware attack on a California-based health system	Ransomware Threat Medical Cloud		★★★★
	2023-10-05 13:00:00	La Chine est prête à perturber les infrastructures critiques américaines avec des cyberattaques, avertit Microsoft China Poised to Disrupt US Critical Infrastructure with Cyber-Attacks, Microsoft Warns (lien direct)	Le rapport annuel de défense numérique annuelle de Microsoft a révélé une augmentation des groupes chinois affiliés à l'État qui tentent d'infiltrer des secteurs comme l'infrastructure médicale et les télécommunications Microsoft\'s annual digital defense report found a rise in Chinese state-affiliated groups attempting to infiltrate sectors like medical infrastructure and telecommunication	Threat Medical		★★★★
	2023-10-04 19:21:00	Cyberattaques en Arizona, Missouri limitent l'accès aux services communautaires Cyberattacks in Arizona, Missouri limit access to community services (lien direct)	Les cyberattaques en Arizona et au Missouri ont un accès résident local limité aux services critiques utilisés par des milliers de personnes.En Arizona, une cyberattaque a fait baisser les systèmes du Mt. Graham Regional Medical Center (MGRMC).L'hôpital de 25 lits à Safford, en Arizona, est la principale source de soins de santé pour les comtés de Graham et de Greenlee, qui ont un Cyberattacks in Arizona and Missouri have limited local resident access to critical services used by thousands of people. In Arizona, a cyberattack brought down the systems of Mt. Graham Regional Medical Center (MGRMC). The 25-bed hospital in Safford, Arizona, is the primary source of healthcare for both Graham and Greenlee Counties, which have a combined	Medical		★★
	2023-10-02 21:29:18	Les cyber-mandats de la FDA pour les dispositifs médicaux entrent en vigueur FDA cyber mandates for medical devices goes into effect (lien direct)	> L'administration Biden pousse les fabricants de dispositifs médicaux pour assumer une plus grande responsabilité pour s'assurer qu'ils sont en sécurité. >The Biden administration is pushing the manufacturers of medical devices to take on greater responsibility to ensure that they are secure.	Legislation Medical		★★★
	2023-10-01 22:17:44	Shinyhunters \\ ', un membre de 22 ans, plaide coupable de cyber norme, causant 6 millions de dollars de dégâts ShinyHunters\\' 22-Year-Old Member Pleads Guilty to Cyber Extortion, Causing $6 Million in Damage (lien direct)	Introduction À quel point votre entreprise est-elle sûre des attaques de phishing?Un citoyen français de 22 ans a récemment plaidé coupable aux États-Unis Introduction How safe is your company from phishing attacks? A 22-year-old French citizen recently pleaded guilty in the United States	Legislation Medical		★★★
	2023-09-29 21:07:58	Vendredi Blogging Squid: Protection des céphalopodes dans la recherche médicale Friday Squid Blogging: Protecting Cephalopods in Medical Research (lien direct)	de nature : Les céphalopodes tels que les poulpes et les calmars pourraient bientôt recevoir la même protection juridique que les souris et les singes lorsqu'ils sont utilisés dans la recherche.Le 7 septembre, les National Institutes of Health (NIH) des États-Unis ont demandé des commentaires sur les directives proposées qui, pour la première fois aux États-Unis, nécessiteraient des projets de recherche impliquant des céphalopodes à approuver par un conseil d'éthique avant de recevoir un financement fédéral. Comme d'habitude, vous pouvez également utiliser ce post de calmar pour parler des histoires de sécurité dans les nouvelles que je n'ai pas couvertes. . Lire mes directives de publication de blog ... From Nature: Cephalopods such as octopuses and squid could soon receive the same legal protection as mice and monkeys do when they are used in research. On 7 September, the US National Institutes of Health (NIH) asked for feedback on proposed guidelines that, for the first time in the United States, would require research projects involving cephalopods to be approved by an ethics board before receiving federal funding. As usual, you can also use this squid post to talk about the security stories in the news that I haven\'t covered. Read my blog posting guidelines ...	Medical		★★
	2023-09-29 13:00:36	Après la perturbation des ransomwares, l'hôpital se tourne pour vérifier les services mondiaux de point d'infini pour récupérer et construire une cyber-résilience After Ransomware Disruption, Hospital Turns to Check Point Infinity Global Services to Recover and Build Cyber Resilience (lien direct)	> Lorsqu'un hôpital renommé a été paralysé par une attaque de ransomware, l'objectif immédiat est passé des soins aux patients à une discussion de cyber-stratégie.Le cauchemar qui a suivi a révélé des vulnérabilités, des ressources stressées et créé un environnement chaotique, compromettant les données des patients et la confiance.Cet hôpital n'est pas seul.En tant qu'industrie essentielle avec des troves de données médicales très sensibles, elle est de plus en plus ciblée par les cybercriminels.Au premier semestre de 2023, les recherches sur le point de contrôle ont révélé que les attaques de soins de santé ont augmenté de 18% avec les organisations de soins de santé connaissant 1 634 cyber-attaques par semaine, en moyenne.En fait, les soins de santé se classe comme la troisième industrie la plus attaquée et le [& # 8230;] >When a renowned hospital was crippled by a ransomware attack, the immediate focus shifted from patient care to a cyber-strategy discussion. The nightmare that ensued revealed vulnerabilities, stressed resources, and created a chaotic environment, compromising both patient data and trust. This hospital is not alone. As an essential industry with troves of highly sensitive medical data, it is increasingly targeted by cyber criminals. In the first half of 2023, Check Point Research found that healthcare attacks increased 18% with healthcare organizations experiencing 1,634 cyber-attacks per week, on average. In fact, healthcare ranks as the third most attacked industry and the […]	Ransomware Medical		★★★
	2023-09-25 05:00:10	Comment la sécurité des e-mails gérée par la preuve aide à combler l'écart de talents de cybersécurité How Proofpoint Managed Email Security Helps Fill the Cybersecurity Talent Gap (lien direct)	Talent shortages continue to plague the cybersecurity industry. Cyberseek.org reports that only 69% of cybersecurity jobs in the United States are staffed. Without the right talent, companies are at risk from attacks by threat actors. By 2025, Gartner predicts that talent shortages or human lapses will be at the root of over half of significant cyber incidents. Here\'s a rundown of some of today\'s biggest talent challenges faced by organizations: The impacts of the global cybersecurity skills shortage on businesses. (Source: “The Life and Times of Cybersecurity Professionals” by ISSA and Enterprise Strategy Group by TechTarget, 2023.) Challenges with recruiting and retaining security talent Email remains the go-to threat vector for many threat actors who target it to launch phishing scams, distribute malware, pursue business email compromise (BEC) campaigns, and more. BEC is an especially significant threat. In the 2023 State of the Phish report Proofpoint research showed that 75% percent of businesses experienced at least one BEC attack last year. Many businesses want to hire experienced email security professionals with extensive domain knowledge to help defend against BEC and other email-based threats. However, these professionals are hard to find in the hiring market. Email security professionals also need analytical and problem-solving skills. They need to translate identified threats and assessments into practical steps for remediation. In other words, the nature of the role is multidimensional, as it combines skill sets from email security and threat intelligence. Proofpoint Managed Email Threat Protection elevates email security As the threat landscape is dynamic, your organization\'s email management and incident response need to be a continuous process. Without an adequate supply of talent, how can businesses keep their email secure? Proofpoint Managed Email Threat Protection can help. As a co-managed service delivered by our email security and threat protection experts, it can help you fill gaps in your cybersecurity team. Here\'s what our expert team can offer: They can provide expertise in email security and threat protection Our experts deftly deploy and manage Proofpoint email security and threat protection products. They use a proactive approach to optimize your email system settings, rules and policies and update the latest threat intelligence. And they help to protect your business against emerging attack vectors and threat actors. “If I did not have [Proofpoint] Managed Services … I had said to my boss I would have to hire three skilled people, not entry-level people coming out of college.” - Information Security Director of a U.S. healthcare system and medical school with 20,000 users They can co-manage your daily email operations and provide staff continuity Attracting and retaining cyber talent are high priorities for security executives. But CISOs are expected to do more with less in these cautionary economic conditions. Amid these resource constraints, experts with Proofpoint can provide guidance and co-management of a company\'s daily email operations. Their support helps to foster operational stability. It reduces staffing needs and enhances cost-efficiency. “Massive value for dollars spent. We could only do one-third of the basic tasks you do, and we could not even conceptualize the strategic approach you take.” – CISO of a global equipment manufacturer with 35,000 users They can give valuable insights to your executives Our experts address email security gaps discovered during health checks. They provide configuration efficacy analysis, regular checkpoints and reports. This information adds transparency to your email security. It also empowers you and your leadership to monitor mitigations and gauge progress. “Proofpoint reports contain a lot of very useful information that helps us improve our operating performance. They give our nontechnical stakeholders a way to underst	Tool Threat Medical		★★★
	2023-09-22 10:22:10	Les erreurs de configurations critiques du serveur DICOM entraînent une exposition de dossiers médicaux de 1,6 m Critical DICOM Server Misconfigurations Lead to Exposure of 1.6M Medical Records (lien direct)	Dans une activité de chasse à la menace et à la vulnérabilité régulière, Socradar a découvert au cours de leurs recherches que ... In a regular threat and vulnerability hunting activity, SOCRadar has discovered during their research that...	Vulnerability Threat Medical		★★
	2023-09-22 05:00:22	Nébuleuse: une plate-forme ML de nouvelle génération Nebula: A Next-Gen ML Platform (lien direct)	Engineering Insights is an ongoing blog series that gives a behind-the-scenes look into the technical challenges, lessons and advances that help our customers protect people and defend data every day. Each post is a firsthand account by one of our engineers about the process that led up to a Proofpoint innovation.  Cyber threats are increasing in their frequency and sophistication. And for a cybersecurity firm like Proofpoint, staying ahead of threats requires us to deploy new machine learning (ML) models at an unprecedented pace. The complexity and sheer volume of these models can be overwhelming. In previous blog posts, we discussed our approach to ML with Proofpoint Aegis, our threat protection platform. In this blog, we look at Nebula, our next-generation ML platform. It is designed to provide a robust solution for the rapid development and deployment of ML models. The challenges We live and breathe supervised machine learning at Proofpoint. And we face active adversaries who attempt to bypass our systems. As such, we have a few unique considerations for our ML process: Speed of disruption. Attackers move fast, and that demands that we be agile in our response. Manual tracking of attacker patterns alone isn\'t feasible; automation is essential. Growing complexity. Threats are becoming more multifaceted. As they do, the number of ML models we need escalates. A consistent and scalable modeling infrastructure is vital. Real-time requirements. It is essential to block threats before they can reach their intended targets. To be effective on that front, our platform must meet unique latency needs and support optimized deployment options for real-time inference. In other ML settings, like processing medical radiographs, data is more stable, so model quality can be expected to perform consistently over time. In the cybersecurity setting, we can\'t make such assumptions. We must move fast to update our models as new cyber attacks arise. Below is a high-level overview of our supervised learning process and the five steps involved. A supervised learning workflow, showing steps 1-5. Data scientists want to optimize this process so they can bootstrap new projects with ease. But other stakeholders have a vested interest, too. For example: Project managers need to understand project timelines for new systems or changes to existing projects. Security teams prefer system reuse to minimize the complexity of security reviews and decrease the attack surface. Finance teams want to understand the cost of bringing new ML systems online. Proofpoint needed an ML platform to address the needs of various stakeholders. So, we built Nebula. The Nebula solution We broke the ML lifecycle into three components-modeling, training and inference. And we developed modular infrastructure for each part. While these parts work together seamlessly, engineering teams can also use each one independently. The three modules of the Nebula platform-modeling, training and inference. These components are infrastructure as code. So, they can be deployed in multiple environments for testing, and every team or project can spin up an isolated environment to segment data. Nebula is opinionated. It\'s “opinionated” because “common use cases” and “the right thing” are subjective and hence require an opinion on what qualifies as such. It offers easy paths to deploy common use cases with the ability to create new variants as needed. The platform makes it easy to do the right thing-and hard to do the wrong thing. The ML lifecycle: experimentation, training and inference Let\'s walk through the ML lifecycle at a high level. Data scientists develop ML systems in the modeling environment. This environment isn\'t just a clean room; it\'s an instantiation of the full ML lifecycle- experimentation, training and inference. Once a data scientist has a model they like, they can initiate the training and inference logic in the training environment. That environment\'s strict polici	Threat Medical Cloud		★★★
	2023-09-20 13:00:00	#mwise: nous pour mettre en œuvre des cyber mandats qui changent la donne sur les dispositifs médicaux #mWISE: US to Implement Game-Changing Cyber Mandates on Medical Devices (lien direct)	Une nouvelle exigence légale pour les dispositifs médicaux aux États-Unis présentera le tout premier mandat SBOM pour le marché de la consommation A new legal requirement for medical devices in the US will introduce the first-ever SBOM mandate for the consumer market	Medical		★★

Last update at: 2024-05-12 19:08:22
See our sources.

To see everything: Our RSS (filtrered)