About 400,000 Puerto Ricans enrolled in the government's health insurance plan for the impoverished have potentially been affected by a breach incident involving unauthorized access to an Internet database.
All organizations involved in any type of health information exchange should be required to have digital certificates to authenticate their identities, a panel advising federal regulators on policy issues recommends.
There was good news and bad news in the past month about the official federal tally of major health information breaches. While only six new incidents were added in the past month, one of those cases affected more than 280,000 individuals.
Staff training, aggressive breach prevention efforts and strong sanctions for violating policies are key to creating a corporate culture that values privacy and security, says Alan Dowling, the new CEO of the American Health Information Management Association.
The Department of Veterans Affairs has taken steps to help ensure thumb drives lacking encryption cannot be plugged into its computers. The move comes following the discovery of an unencrypted drive containing personal information on veterans.
The conventional wisdom that Congress won't enact significant IT security legislation this year hasn't deterred some Democratic lawmakers, including House Homeland Security Committee Chair Bennie Thompson, from introducing another cybersecurity bill.