24By7Security Blog
Get the latest news in cybersecurity, compliance and more from 24By7Security.
6h ago
Landmark cybersecurity guidance from NIST offers outstanding enhancements with release of v2.0 on February 26, 2024
The National Institute of Standards and Technology (NIST) released version 2.0 of its widely adopted cybersecurity framework (CSF) on February 26, 2024. This marks the first significant update since the framework was introduced a decade ago, in 2014. The digital landscape has evolved tremendously over time, and v2.0 addresses that evolution very effectively.
Popular Cybersecurity Framework Takes a Giant Leap Forward ...
2w ago
On-premise ScreenConnect customers are urged to install patches or upgrade to v23.9.8 without further delay
Vulnerabilities on the ConnectWise ScreenConnect platform version of 23.9.7 and higher were announced on February 19, 2024. Federal agencies reported evidence of exploitation of ScreenConnect and AnyDesk software as early as June 2022 ...
3w ago
U.S. and U.K. announce five Russian nationals indicted for LockBit ransomware crimes
One of the most active ransomware gangs in the world, the LockBit group of cybercriminals has targeted over 2,000 victims, extorted more than $120 million in ransom payments, and demanded ransoms totaling hundreds of millions of dollars. The criminal organization has been active since at least September of 2019, when it launched LockBit as ransomware-as-a-service (RaaS) for sale to hackers ...
1M ago
The 2023 Report on the Cost of a Data Breach, compiled annually by IBM and the Ponemon Institute, reveals organizations’ responses to cybercrime
The cost of a data breach has been climbing since 2017, and in 2023 reached a record $4.45 million (USD), according to the latest Cost of a Data Breach Report. The average cost dipped slightly at the start of the pandemic in 2020, but since then has climbed steadily with the cost of a data breach exceeding $4 million each year ...
1M ago
2023 a record year with healthcare breaches reported every day
As part of Health and Human Services (HHS), the Office for Civil Rights (OCR) is responsible for enforcing the Health Insurance Portability and Accountability Act (HIPAA) and imposing financial penalties and corrective action plans upon HIPAA violators. In accordance with the HITECH Act, section 13402(e)(4), HHS OCR is required to publish a list of breaches of unsecured protected health information that affect 500 or more individuals, which in turn requires healthcare-covered entities to report such breaches to the OCR. Reports mu ...
1M ago
HITRUST in Healthcare Makes Great Sense. Adopting the HITRUST CSF Covers All Your Bases, from HIPAA to PCI and More
The HITRUST CSF is a unique and elegant solution for healthcare organizations, health plans, and business associates who are required to comply with multiple federal regulations in addition to HIPAA—which these days means virtually all covered entities. That’s because the HITRUST Framework incorporates and cross-references the existing standards and regulations that apply to the healthcare industry, all in one place, all in a single framework. With three levels of assessment and ...
1M ago
Cybersecurity challenges, data breach litigation costs, regulatory overload, and industry mergers are top issues for 2024
Four core issues will shape the 2024 outlook for hospitals and other covered entities, just as they have plagued the healthcare industry in recent years. Cybersecurity challenges, many stemming from poor HIPAA compliance, distract hospital administrators and eat up resources. The healthcare industry leads all others in terms of data breaches and the related costs of litigation and settlements, not to mention penalties imposed by the OCR. The effects of regulatory overload ...
2M ago
Maintaining robust cybersecurity is fundamental. Making sure your business is cyber resilient is the next requirement.
Most individuals aspire to be resilient. We want to bounce back from adversity, maintain our health and well-being, and rise to the occasions that life presents. Most businesses have similar aspirations.
Defining Cyber Resilience
In general terms, resilience is defined as “the ability to withstand or to recover quickly from difficulties,” according to the Oxford Dictionary.
The MITRE organization took the term resilience into cyberspace when it developed the Cyber Resi ...
2M ago
As the curtain falls on Data Privacy Week 2024, the echoes of the imperative to safeguard sensitive data and build cyber resilience persist.
With Data Privacy Week drawing to a close, and the great advice for securing your data fresh on your mind, now is the perfect time to expand on the data privacy tips from the National Cybersecurity Alliance by exploring briefly just some of the essential elements for strengthening your organization’s cyber resilience. Let’s delve into the significance of penetration testing, third-party risk mitigation, security risk assessments, vulnerabilit ...
2M ago
We’re on the home stretch for PCI DSS 3.2.1 assessments before v3.2.1 is retired on March 31, 2024. It’s Time to Make an Important Decision
The previous PCI Data Security Standard (version 3.2.1) will be officially retired in just over two months—on March 31, 2024. There is still time to conduct a security risk assessment in your PCI DSS 3.2.1 environment, by this deadline, provided you begin now.
Once this window closes, you will need to implement the multitude of new requirements of PCI DSS 4.0, which is the current version of the Data Security Standard launched more than a year ago, on Marc ...