To guard against health data breaches, healthcare organizations must demand more proof that their business associates are safeguarding patient data and mitigating related risks, says privacy and security expert Daniel Schroeder.
Police in Britain have arrested a 21-year-old man on suspicion of "hacking offenses" related to the breach of Hong Kong toymaker VTech. Separately, the CEO of hacked London telco TalkTalk testified about her organization's security before Parliament.
A security researcher warns he was able to find online "sensitive account details" for 13 million users of MacKeeper. The software was the focus of a recently settled class-action lawsuit - alleging deceptive advertising and false claims.
As the cyberthreats facing the healthcare sector grow ever more sophisticated, CIO John Halamka, M.D., says organizations must launch aggressive security initiatives, including investing in analytics to improve breach detection, plus two other critical steps.
GOP presidential hopeful Carly Fiorina proposes standing up a centralized cyber command that would be responsible for all aspects of government IT security response. But such a plan could face resistance in Congress if it gives the military authority over federal civilian cybersecurity.
In its sixth HIPAA resolution agreement so far in 2015, the HHS Office for Civil Rights has announced a settlement with the University of Washington Medicine that includes a $750,000 penalty. It's the first HIPAA enforcement case stemming from the investigation of a phishing-related breach.
Security experts are warning that Internet-connected devices - including toys - should be treated as insecure and untrusted until proven otherwise. Have our collective information security shortcomings ever been more seasonally appropriate - or scarier?
New details emerging about a breach involving a former Morgan Stanley employee illustrate how a case of inappropriate access to data can blossom into something much more serious. The case shines a spotlight on the urgent need to mitigate insider threats.
The recent discovery of stacks of paper patient records in dumpsters at an Ohio recycling center offers an important reminder: Any effort to safeguard patient information must include not just high-tech breach prevention measures but also proper policies on the disposal of paper records.
Passage of cyberthreat information-sharing legislation could hinge on how the measure is presented to Congress, and its fate could be tied to a massive omnibus appropriations bill to fund the federal government for the remainder of fiscal 2016.
A former member of the NullCrew hacking group has pleaded guilty to participating in attacks against several organizations, including Bell Canada, Comcast and the U.K.'s Ministry of Defense, which the gang claimed to have exploited via SQL injection flaws.
Wyndham Worldwide Corp. has agreed to a settlement with the FTC over charges stemming from the hotel chain's three security breaches in 2008 and 2009 that exposed 619,000 payment cards and other personal information.
The Data Security Act of 2015, approved by the House Financial Services Committee, would create a national data breach notification requirement and spell out data security standards businesses must follow, usurping 47 state laws.
Another healthcare organization has disclosed that the FBI has detected a cyberattack on its computer network exposing information about its patients. Security experts expect more alerts from the FBI and call on organizations to ramp up breach detection.
In the year ahead, federal regulators need to ramp up their efforts to enforce HIPAA compliance among business associates because so many lack mature security controls, argues security expert Mac McMillan of the consultancy CynergisTek.