A new methodology for assessing whether a medical device cybersecurity issue is likely to pose a danger to patients should be available later this year, says cybersecurity researcher Billy Rios in this in-depth interview.
Mobility and IoT are acknowledged by security practitioners to be a whole different beast when it comes to management. MetricStream's French Caldwell says that GRC likewise needs to change its paradigm to accommodate this disruption.
When is a breach not a breach? When you can prove that sensitive data has not been accessed - even off a lost or stolen device. And the way to ensure that, says former prosecutor Stephen Treglia, is through Absolute Data & Device Security.
Because cybercriminals are targeting the healthcare sector, organizations must regularly assess the security risks in all their applications, not just those containing protected health information, says risk management expert Angel Hoffman.
Despite their limited resources, smaller healthcare provider organizations must overcome "paralysis" and ramp up efforts to safeguard information systems or risk becoming potential gateways for breaches at larger organizations, says Michael Kaiser of the National Cyber Security Alliance.
A successful startup is fueled by passion, speed and innovation - all enabled by technology. Not securing this technology layer from day one can therefore have expensive consequences later. IEEE's Diogo MÃ³nica shares security insight for startups.
Sophisticated phishing campaigns, increasingly targeted because of social media, are fueling business email compromises - a growing wire fraud scheme that is attacking businesses worldwide, says Jim Hansen of PhishMe.
Why is devising a reliable patient identifier such a critical issue? Because matching a patient to the wrong records creates serious safety risks as well as privacy problems, says CIO Marc Probst, who explains in an interview how he's tackling the issue at Intermountain Healthcare.
Healthcare organizations need to carefully scrutinize the security of electronic health records and other applications they use because encryption and other features often have shortcomings, says Chris Wysopal, CISO at the security firm Veracode.
Extortion campaigns waged by cybercriminals are expected to become more damaging in 2016, putting additional pressure on CISOs to enhance protection of internal networks and educate employees about extortionists' techniques, says iSight Partner's John Miller.
If presidential candidates don't have the technical know-how to take an educated stand on whether tech companies should provide the government with a backdoor to encryption, how can we judge if they'll make the right choice if they get elected?
Proposed HIPAA Privacy Rule changes in pending federal legislation could lead to elimination of the requirement to de-identify patient data that's used for research purposes, raising questions about whether that data will be at a higher risk for breaches, warns data de-identification expert Khaled El Emam.
In 2016, the healthcare sector faces a variety of complex legislative and regulatory issues, especially those tied to patient privacy, says attorney Kirk Nahra. For example, new rules could emerge covering the use of patient data in research.