The recent discovery of stacks of paper patient records in dumpsters at an Ohio recycling center offers an important reminder: Any effort to safeguard patient information must include not just high-tech breach prevention measures but also proper policies on the disposal of paper records.
Passage of cyberthreat information-sharing legislation could hinge on how the measure is presented to Congress, and its fate could be tied to a massive omnibus appropriations bill to fund the federal government for the remainder of fiscal 2016.
A former member of the NullCrew hacking group has pleaded guilty to participating in attacks against several organizations, including Bell Canada, Comcast and the U.K.'s Ministry of Defense, which the gang claimed to have exploited via SQL injection flaws.
Wyndham Worldwide Corp. has agreed to a settlement with the FTC over charges stemming from the hotel chain's three security breaches in 2008 and 2009 that exposed 619,000 payment cards and other personal information.
The Data Security Act of 2015, approved by the House Financial Services Committee, would create a national data breach notification requirement and spell out data security standards businesses must follow, usurping 47 state laws.
Another healthcare organization has disclosed that the FBI has detected a cyberattack on its computer network exposing information about its patients. Security experts expect more alerts from the FBI and call on organizations to ramp up breach detection.
In the year ahead, federal regulators need to ramp up their efforts to enforce HIPAA compliance among business associates because so many lack mature security controls, argues security expert Mac McMillan of the consultancy CynergisTek.
The experience of a dozen health plans that participated in a cyberattack drill spotlights the need for a well-thought-out incident response plan, says John Gelinne of Deloitte Advisory Cyber Risk Services.
Turns out electronic learning products can be bad for children's privacy - and for their parents too. The VTech breach highlights how, despite repeated warnings, too many manufacturers continue to not take security seriously.
In yet another HIPAA enforcement action by a state attorney general, the New York AG has fined the University of Rochester Medical Center after a nurse practitioner gave patients' information to her future employer without getting the patients' permission.
Top American and Chinese government officials, meeting this week in Washington, agreed to create a common understanding on cyberthreats and how to respond to them, but the two sides offered different characterizations of the tone of the dialogue.
The breach of Hong Kong toymaker VTech highlights security experts' growing concern over manufacturers selling devices - for enterprises, medical purposes, schools as well as homes and now toy boxes - that don't appear to be secure by design.
The Chinese government concedes the attack on U.S. Office of Personnel Management computers emanated from China, but it contends the culprits were criminals, not individuals working for the Chinese government or military. Some experts in the United States aren't buying the Chinese government's explanation.
Target Corp. has reached a proposed $39.4 million settlement with a group of financial institutions that sued the retailer over fraud losses and expenses suffered as a result of Target's December 2013 data breach.
In the second largest financial penalty ever issued as part of a HIPAA resolution agreement, federal regulators have smacked Puerto Rico-based health insurer Triple-S Management with a $3.5 million fine as a result of multiple breaches. It's the company's second large fine from a government agency.