
Iowa Reports Third Big Vendor Breach This Year

Latest Breach Affects 234,000 Individuals; Involves Recent MCNA Insurance Co. Hack … Three large breaches within weeks of each other illustrate vendor risk challenges that many state agencies face, said Keith Fricke, principal consultant at healthcare security and privacy consultancy tw-Security. Those issues include the large number of third parties that many state agencies […]


Are Security Teams Blocking Innovation in Healthcare?

Startup companies don’t always factor in enough security when they build solutions, and that may raise red flags. Flexibility is essential. In the race to be “the first to introduce a new solution,” the old mindset was, “Get to market and we can secure it later.” That is no longer a viable option because these […]


Feds Hit Vendor With $350K Settlement in FTP Server Breach

Practice Management Software Firm’s 2018 Incident Affected Nearly 231,000 … Wendell Bobst, senior security consultant at privacy and security consultancy tw-Security, told Information Security Media Group that most of the security incidents he sees involving FTP servers involve weak practices by the operators of the FTP service. They include the use of generic folders, where […]


Long-Term Care Services Firm Says Breach Affects 4.2 Million

‘Inaccessible Computers’ Incident Initially Reported as Affecting 501 People … “Data breaches are time-consuming to investigate,” said Tom Walsh, president of privacy and security consulting firm tw-Security. For example, if phishing or compromised email accounts are implicated in a cybersecurity incident, “all of the saved email messages from the mailboxes of each employee – […]


California Medical Group’s Ransomware Breach Affects 3.3M

Regal Medical Group Says Patients of Several Affiliates Are Among Those Affected … “The entire organization is going to be at risk once a connected network is in place. This is why understanding the security stance of a potential acquisition before implementation to the network is so important,” says Susan Lucci, senior privacy and security […]


VA Hospital ‘High-Risk’ Vulnerability Unaddressed for Years

OIG Audit Findings Include Weaknesses Familiar to Other Healthcare Entities … Still, “a ‘high-risk’ vulnerability identified over seven years ago that has still not yet been remediated: In the IT world, that’s a really long time,” says Tom Walsh, president of privacy and security consulting firm tw-Security, who reviewed the audit report at Information […]


Colonoscopy Prep Retail Website Breach Festered for Years

Personal Data of 244,000 in Flux After Malware Probe of Gastroenterologist Vendor … The stretched-out time frame of the malware incident – including the apparent 19-month-long investigation and potential lag in notifying individuals of a breach – is concerning for a variety of reasons, says Tom Walsh, CEO of privacy and security consultancy […]


Pediatric EMR Vendor Hack Affects 2.2 Million

Incident Spotlights Multiple Common But Serious Data and Vendor Concerns … Complicating matters, pediatric data typically has longer data retention requirements, says Wendell Bobst, senior security consultant at privacy and security consultancy tw-Security. “This means that pediatric providers tend to keep data longer than adult patients,” he says. … Connexin provides its Office Practicum as […]


CommonSpirit’s Ransomware Incident Taking Toll on Patients

Also: Why Some Facilities Are Affected While Others Are Not … “The reliance on the electronic medical record continues to grow and that is to be expected,” says Susan Lucci, senior privacy and security consultant at tw-Security. Information like allergies, recent diagnoses, and current medications can influence patient care decision-making, she says. “This is another […]


Feds Warn Healthcare Over Cobalt Strike Infections

Red-Teaming Tool Poses Ongoing Risks When Used by Hackers, HHS Warns … Detection should lead to quick action, says Keith Fricke, principal consultant at privacy and security consultancy tw-Security. Cobalt Strike and other red-teaming tools are “‘legitimate’ in the sense that they can be used by red teamers, but are offensive security tools,” he says. […]
