The prospects for passing a U.S. privacy law will improve under the Biden administration, predicts attorney Kirk Nahra, who offers a legislative outlook.
As thousands of National Guard troops pour into Washington to provide security for the Jan. 20 inauguration of Joe Biden as president, cybersecurity analysts are calling attention to the need to defend against cyber incidents as well.
In a ruling that could have a profound impact on HIPAA enforcement, a U.S. Court of Appeals has vacated a $4.3 million HIPAA civil monetary penalty levied by federal regulators against the University of Texas MD Anderson Cancer Center in the wake of three breaches involving unencrypted mobile devices.
The Department of Health and Human Services has slapped Excellus Health Plan with a $5.1 million settlement in the wake of a 2015 data breach that affected more than 9.3 million individuals.
The latest edition of the ISMG Security Report describes new details emerging from the SolarWinds supply chain hack investigation. Also featured: A discussion of why security education is so crucial in 2021 and tips on how to retain security and operations center analysts.
The Federal Trade Commission's announcement this week of a proposed health data privacy settlement with Flo Health, a fertility-tracking mobile app vendor, illustrates how the agency can play a critical role in helping ensure data not regulated under HIPAA is protected.
The U.S. Cybersecurity and Infrastructure Security Agency warns that hackers are increasingly targeting cloud services by waging phishing schemes and brute-force attacks. CISA recommends a number of defenses, including regularly reviewing Active Directory sign-in logs and enforcing multifactor authentication.
It isn't that we struggle to define the zero trust security model. It's that we ignore the real challenge, says Jack Miller of Menlo Security. We need to shift our view of authentication and access from "innocent until proven guilty" to "guilty until proven innocent."
The physical breach of the U.S. Capitol by a violent mob, members of which allegedly accessed lawmakers' systems and stole devices, offers cybersecurity professional lessons to learn on authentication, encryption and more, says cybersecurity expert Brian Honan.
Documents on COVID-19 vaccines and medications - including some containing personal information - that were stolen in a cyberattack last month on the European Medicines Agency have been leaked on the internet.
A recently identified mobile remote access Trojan dubbed "Rogue," which exploits Google's Firebase development platform, targets Android devices to exfiltrate personal data and can deliver other malware, according to Check Point Research. The RAT is being offered for sale or rent in darknet forums.
Google's Project Zero security team is describing its discovery last year of a complex "watering hole" operation that used four zero-day exploits to target Windows and Android mobile devices.
Hear the latest research from the CyberEdge 2020 Cyberthreat Defense Report and benchmark your organization's security posture, operating budget, and product investments in this webinar.
Investigators probing the supply chain attack that hit SolarWinds say attackers successfully hacked the company's Microsoft Visual Studio development tools to add a backdoor into Orion network monitoring security software builds. They warn that other vendors may have been similarly subverted.
In the latest move in its ongoing initiative to enforce a HIPAA provision granting patients the right to access their records, federal regulators have slapped an Arizona integrated healthcare system with a $200,000 fine for failing to provide two individuals with timely records access.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing healthcareinfosecurity.com, you agree to our use of cookies.
