May has brought yet another busy month for information security news. With the General Data Protection Regulation (GDPR) going into full effect on May 25th, information security and how companies handle individuals’ sensitive data are hot topics. Political factors continue to play a large role in information security standards, while the healthcare industry continues to be an easy target for hackers. As more and more internet traffic comes from mobile devices, malicious individuals have shifted their focus to target users and mobile employees who rely on their mobile devices. The world of information security is extremely volatile, so stay up to date with this month’s Information Security Roundup.
- As of May 25th, data protection authorities in each member state of the EU will start enforcing GDPR compliance. The GDPR now stands as the world’s toughest privacy law and holds EU members to a strict standard of accountability and transparency. Penalties for non-compliance are steep, so companies are scrambling to be sure they meet the requirements.
- Hackers are taking advantage of the new regulations and compliance requirements by tricking Apple users into divulging their Apple ID credentials through phishing and social engineering scams. With your Apple credentials, they could then get access to personal data such as your credit card information.
- If you’re interested in learning more about GDPR compliance requirements and FAQs, download FRSecure’s GDPR Cheat Sheet for free.
Information Security in Government
- On May 15th, the Trump administration eliminated the cybersecurity position on the National Security Council. The position was central to developing policies to defend against cyberattacks. John Bolton, the National Security Advisor, stated the role was no longer necessary because cybersecurity issues are already a “core function” of the president’s national security team.
- The decision received a large amount of backlash from the public and the Senate alike. A bipartisan pair of senators wrote to President Trump to express concern over the decision to eliminate the position.
- The Knox County elections website suffered an intentional cyberattack by foreign computers. The website, which reports the results of the election, crashed and was down for over an hour. However, officials have said no voting data was affected.
- The Department of Homeland Security has yet again issued a warning about vulnerabilities in the security of medical devices. These vulnerabilities, if exploited, have the potential to reveal files including patients’ protected health information and other personal accounts.
- Healthcare enterprises are becoming easier targets for modern hackers due to their reliance on aging IT equipment, outdated software, and data sharing. The number of data breaches within the healthcare industry has become increasingly scary since 2009, when regulators first began tallying the “Wall of Shame.”
- A report conducted by the Department of Defense Office of Inspector General identified some key problems with how information is stored and security is handled at military health facilities: three Navy and two Air Force. Security experts say many of the same weaknesses identified in the report are quite common at civilian healthcare facilities as well.
In Other News
- A new form of hacking is taking advantage of the Bitcoin phenomenon: Bitjacking. This new type of attack is virtually untraceable and offers a much higher payout rate than ransomware, making it a hacker’s dream come true. To see how well prepared your organization is for a ransomware attack, download FRSecure’s Ransomware Readiness Assessment for free.
- A man from Elmore, Minnesota purchased an old storage unit for $20 and found hundreds of files that were marked confidential inside. These files contained Social Security numbers and other personal records of individuals who attended Elmore Academy, a youth detention facility.
- Cisco Talos revealed its research on Russian-linked attacks that hit over 500,000 routers, primarily in Ukraine. The hackers are thought to be the same group that breached the Democratic National Committee in 2016.
The world of information security is extremely volatile, so stay up to date by following FRSecure’s Twitter and LinkedIn for consistent updates on information security news stories like the ones above, and visit our site to learn how you can prevent similar incidents from happening to your organization.