Several recent health data security incidents - including two at a Florida hospital and another at a Washington state Medicaid agency - illustrate the challenges healthcare organizations face in detecting and preventing insider breaches.
Hong Kong toymaker VTech has revised its end-user license agreement to make clear that it can't be held legally responsible for any data breaches. Many security experts have reacted with fury. But is VTech's move unusual?
While 2015 will be remembered as the year of major hacker attacks in the healthcare sector, most of the health data breaches added so far this year to the official federal tally have involved blunders by insiders. That's why infosec pros need to focus on more than just mitigating hacker threats.
The Office of Personnel Management is addressing three cybersecurity deficiencies identified by the agency's inspector general as contributing to a significant data breach, Beth Cobert tells a Senate panel considering her confirmation as the new OPM director.
For only the second time, federal regulators have slapped a healthcare entity with a civil monetary penalty in a case involving egregious HIPAA violations. Find out why Lincare Inc. was fined after a privacy incident affecting just 278 patients.
A comprehensive review of security at the Utah Department of Health conducted in the aftermath of two data breaches, including a hacker attack, found 39 "high-impact" weaknesses. But experts say many of the cited shortcomings are common at other organizations.
Insurer Centene Corp.'s loss of unencrypted hard drives storing information on nearly 1 million individuals raises the issue of when encryption is appropriate and points to the need for all organizations to improve their tracking of IT inventory.
A lawsuit filed against security firm Trustwave is raising questions about "PCI Professional Forensic Investigators" and how they are monitored by the PCI Security Standards Council. But experts say the onus is on companies, not the council, to ensure their security practices are adequate.
DataBreachToday announces its inaugural list of top influencers, reflecting the individuals and organizations who have the biggest impact - good or bad - on the data breach landscape and growing breach epidemic.
The New York Attorney General's settlement with taxi-hailing platform Uber - over alleged customer data privacy violations and a delayed data breach notification - provides a best practice security template for any organization that handles customer data.
After a data breach, how can organizations cooperate with law enforcement without increasing the likelihood they'll face civil lawsuits? By sticking to the basic facts, says T.C. Spencer Pryor, partner at the law firm Alston & Bird, in this video interview.
Reports on the Ukrainian energy supplier hack have left many crucial questions unanswered: Who was involved, did malware directly trigger a blackout and are other suppliers at risk from similar attacks? Cybersecurity experts offer potential answers.
In the healthcare sector in 2016, hackers will continue to threaten systems and networks - and possibly medical devices - while federal and state regulators expand and refine their data security enforcement activities.
Improving breach detection and defenses involves much more than buying the latest technology, warns security expert Haroon Meer. "We keep moving on as we try to solve new, shiny problems, which we then half solve, but we still haven't completely solved problems that we knew about 20 years ago."