Months after the New Jersey attorney general's office smacked a medical practice with a hefty penalty for a 2016 breach, the office has signed a $200,000 settlement with the group's business associate that was responsible for the incident and banned its owner from managing or owning a business in the state.
An Iowa eye clinic and its affiliated surgery center recently recovered from a ransomware attack on their common systems within one day and without paying a ransom. This case offers important reminders to other healthcare entities and their vendors about advance planning.
A coding error in a portal of the Employee Retirement System of Texas inadvertently allowed some users to view the information of others, potentially exposing information on 1.25 million of its members. Why are breaches involving coding mishaps so common?
As companies go through a digital transformation, they need to move toward real-time risk management - and artificial intelligence can play a critical role, says David Walter, vice president of RSA Archer.
The Department of Health and Human Services has updated its HIPAA security risk assessment tool to better assist small and mid-sized healthcare entities and their vendors in performing a comprehensive risk analysis. But why is conducting a risk assessment so challenging for so many?
Federal regulators have smacked health insurer Anthem with a record $16 million HIPAA settlement in the wake of a cyberattack revealed in 2015, which impacted nearly 79 million individuals. What missteps does the settlement highlight?
The Pentagon is warning that a data breach at a third-party travel management service provider exposed records for an estimated 30,000 civilian and military personnel. The breach alert follows a recent GAO report warning of serious cybersecurity shortcomings in U.S. weapon systems.
Healthcare organizations often fail to address five fundamental elements of a solid cybersecurity program, says security expert Mark Johnson of the consultancy LBMC Information Systems, who formerly was CISO at Vanderbilt University and Medical Center.
Security ratings are increasingly popular as a means of selecting and monitoring vendors. However, ratings can also be used as a means of benchmarking your own organization for internal and external uses.
Download this eBook on the value of security ratings and learn:
The business value - internally and...
Security ratings are increasingly popular as a means of selecting cybersecurity vendors. But Ryan Davis at CA Veracode also uses BitSight's ratings as a means of benchmarking his own organization for internal and external uses.
In Australia, it can take as few as 15 minutes to steal someone's phone number, a type of attack known as SIM hijacking. Such attacks are rising, but mobile operators have no plans to change the authentication required around number porting, which can be set in motion online with minimal personal information.
A case involving alleged insider theft of protected health information from a hospital in New York illustrates why healthcare organizations need to take extra precautions to prevent similar incidents. Security experts offer recommendations.
In today's risk landscape, third-party risk management (TPRM) programs are becoming increasingly critical for businesses. In fact, Gartner estimates that by 2020, 75% of Fortune Global 500 companies will treat vendor risk management as a Board-level initiative to mitigate brand and reputation risk. However, there are...
The new Apple Watch 4, which includes a sensor that can conduct an electrocardiogram, spotlights the emergence of consumer apps that appear to cross over into the territory of medical devices, raising potential cybersecurity concerns.
Why did CISOs at a half-dozen leading healthcare organizations launch a new council aimed at standardizing vendor security risk management? One of those CISOs, John Houston of UPMC, explains why the group was launched, how it will work and why managing cloud vendor risks is a top priority.