HIPAA has long provided patients with the right to access their own "designated record set" of protected health information. But federal regulators are on a campaign to help patients and healthcare organizations understand records access rights, as well as the related privacy risks.
Advanced attacks are out, while persistent, relatively simple attacks are in. Despite all of the APT hype in recent years, cybercriminals, and especially nation-state attackers, prefer to keep things simple. Information security experts explain why.
The rapid rise in cyber-attacks on healthcare organizations necessitates the use of a cyber-centric risk management framework. Recent incidents, including the hacking attack on Community Health Systems, show healthcare is an easy target.
The hacker community can be a cynical crowd, or perhaps a realistic one, that tries to make the best of the threats confronting society. CISO Dan Geer, for example, prefers to hire security folks who are, more than anything else, sadder but wiser.
NIST will soon start writing the "final" version of its cybersecurity framework, a guide to information security best practices for operators of the nation's critical infrastructure. But should it be beta tested?
A new report by several GOP senators raises questions about the HITECH Act's electronic health record incentive program, including concerns about data security and privacy. But the senators overlook a number of key issues.
President Obama's re-election paves the way for continuation of the HITECH Act EHR incentive program and provides a perfect opportunity for the administration to toughen the program's privacy and security requirements.