Cottage Health System in California says patient information was apparently exposed on Google for 14 months because of a lapse in a business associate's protections for one of its servers. Experts discuss the implications for the BA.
Organizations must guard against making three common mistakes when conducting an investigation of a data breach or fraud incident, says attorney Kim Peretti, a former Department of Justice cybercrime prosecutor.
In this week's breach roundup, read about the latest incidents, including two thefts of portable electronic devices exposing health information and a reminder to apply security controls to employee-owned devices.
In this week's breach roundup, read about the latest incidents, including a Florida hospital notifying 9,900 patients that a former employee inappropriately accessed their records with the apparent intent to commit fraud.
Attorney Ellen Giblin describes who should be involved in determining whether a breach should be reported in compliance with the new breach notification requirements of the HIPAA Omnibus Rule. She also offers other compliance insights.
HHS proposes that state insurance exchanges report data breaches within one hour after discovering them. CIO Curt Kwak of the Washington state exchange explains why compliance with such a rule would be challenging.
The apparatchiks at the Kremlin think they're clever sorts with plans to replace computers with typewriters to prevent the American e-spies at the National Security Agency from hacking into Russian intelligence systems.
Our analysis of U.S. government labor statistics shows a sizable increase in the IT security workforce. But the way the occupation is defined may have as much to do with the increase as the number of jobs themselves.