For years, organizations have been threatened by DDoS attacks on several fronts, ranging from volumetric attacks to application-level and DNS strikes. Now come ransom-based attacks. Trey Guinn of CloudFlare discusses how to respond to each type of attack.
A settlement between the Federal Trade Commission and Practice Fusion, an electronic health records system vendor, serves as a reminder that regulations other than HIPAA apply to protecting patient privacy, says attorney Adam Greene, a healthcare regulations expert.
While awaiting new guidance from the HHS Office for Civil Rights, healthcare organizations can take several steps to help determine whether a ransomware attack is a reportable breach under HIPAA, says compliance attorney Betsy Hodge.
In the latest ISMG Security Report, our editors examine the top concerns of security practitioners gathered at Infosecurity Europe, NIST's planned revision of its cybersecurity framework and U.S. government efforts to make sure patients can securely access their electronic health records.
The scale of the global IT security skills crisis is well documented. But what is its direct impact on cybersecurity with the government agencies of Washington, D.C.? Dan Waddell of (ISC)² discusses the problem - and a new way to address it.
Cybercrime alert: In March, 93 percent of all phishing emails studied contained ransomware designed to forcibly encrypt PCs, says PhishMe chief operating officer Jim Hansen. In an interview, he offers insights on how to respond.
Many organizations still fail to practice smart web security, warns penetration testing expert Ilia Kolochenko, who notes that 23 percent of all websites still use SSL version 3, despite it leaving them at risk from POODLE and BEAST attacks.
NIST plans next year to clarify certain provisions in its cybersecurity framework. "Just to be clear, we're not headed toward a version 2.0 right now," Program Manager Matt Barrett explains in an interview. "We're headed to something that's more like a 1.1."
This ISMG Security Report features a discussion of the impact on the global financial services industry of the SWIFT-related theft of $81 million from Bangladesh's central bank and similar thefts. You'll also hear reports on making IT systems more trustable and national governments' spending on cybersecurity.
In this special edition of the ISMG Security Report, a panel of top cybersecurity thought leaders analyzes the value of the Obama administration's cybersecurity framework and its long-term impact.
Executive recruiter Bill Liguori helps many organizations find CISOs. What skills are these companies looking for today? Find out in this in-depth interview.
Don't blame a lack of information security standards, security products or cybersecurity competence for the failure of breach defenses. In many cases, the culprit is design and implementation flaws in IT products, Robert Bigman, former CIO at the CIA, contends.
ISMG editors, in a special report, examine the status of data breach notification laws in a number of regions, including the European Union, which this past week implemented the General Data Protection Regulation, although enforcement won't take place for two years.
Start preparing immediately for the EU's new General Data Protection Regulation - even though it doesn't go into force for two more years - because it mandates a number of new privacy and security requirements, warns cybersecurity expert Brian Honan.
The U.S. Congress delves into the issue of whether CISOs should report to CIOs, a topic that leads the Friday, May 27, 2016, edition of the ISMG Security Report, an on-demand audio report offered every Tuesday and Friday.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing healthcareinfosecurity.com, you agree to our use of cookies.