Information Security News
Healthcare IT News
American Dental Association sends malware-infected USB drives to its members
Healthcare IT News
In a statement supplied to Healthcare IT News, the ADA, which represents more than 159,000 members, said it began distributing its 2016 manual CDT dental procedure codes, "which included flash drives in the back pocket," in late 2015. A "small ...
American Dental Association Mails Malware-Laced USB Drives to Thousands
“Like sharing passwords, connecting untested thumb drives to information systems containing sensitive data like personal health information (PHI) violates the most fundamental rules of InfoSec,” he said. “The healthcare industry—which includes ...
How Changing SMB Client Requirements Are Reshaping the MSP Market
It's now common for SMBs to adopt IT functions such as end user security, password management, multifactor authentication, network/systems management and InfoSec (threat monitoring and firewall management), all of which are required as SMBs' ...
A new version of the standard was released today, version 3.2. There are a number of changes that will affect those that need to comply with the standard, especially for service providers. For service providers struggling to move customers away from SSL and weak TLS there is some good news. The deadline for this requirement has been moved to June 30 2018. Service providers will however be required to have a secure environment (i.e. accepting TLS v1.2 or v1.1) by June 30 2016 (yes two months). This shouldn't be too onerous as most service providers will already have this in place.

There are a few new requirements in the standard. The majority of these only apply to service providers and relate to ensuring that processes are followed throughout the year rather than a once a year effort. They are best practice until 1 February 2018, after which they must be in place. A number of these are also quarterly requirements. They include:
PCI DSS 3.2 lands, urges you to make haste slowly
And those who adhere to a purist view of infosec probably won't be pleased. For example, as explained by the PCI SSC's CTO Troy Lynch here, organisations should be migrating away from SSL and older TLS, but there remain two years for that transition ...