Bill Stewart, a privacy and security expert at medical device manufacturer Philips Healthcare, offers an explanation of when hospitals should apply software patches to devices on their own and when they should work with the supplier.
Nations' policies for mitigating cyberthreats can conflict with efforts to promote cyber-enabled global trade, cautions Allan Friedman, research director of the Brookings Institution's Center for Technology Innovation.
To mark his induction into the National Cyber Security Hall of Fame, Purdue University Computer Science Professor Eugene Spafford offers insights on key challenges, including overcoming senior executives' misperceptions about key issues.
Knowledge-based authentication is no longer reliable, says fraud expert Avivah Litan, an analyst at Gartner. She explains why so-called behavioral authentication is the only reliable way to verify users.
Mitigating card risks associated with retail malware attacks and POS vulnerabilities is a focus of updates to the PCI Data Security Standard, say Bob Russo and Troy Leach of the PCI Security Standards Council.
Before hiring a cloud services vendor, healthcare organizations should demand answers to tough questions about privacy and security, says Phil Curran, a hospital CISO who has scrutinized many companies.
Top executives at healthcare organizations must take the lead in overcoming a culture that portrays privacy and security as barriers, says Joy Pritts, chief privacy officer at the Office of the National Coordinator for Health IT.
A soon-to-be-completed regulatory framework to address patient safety issues posed by medical devices, electronic health records and other health IT must consider cybersecurity issues, says Julian Goldman, M.D., a federal adviser.
As the Sept. 23 enforcement deadline for HIPAA Omnibus approaches, an error that many business associates are making is thinking that compliance can be achieved with a simple checklist, says consultant Andrew Hicks.