The HHS Office for Civil Rights should take 10 steps to strengthen its oversight of HIPAA Privacy Rule compliance as well as improve followup activities on reported data breaches, a government watchdog agency concludes in two new reports.
Even if China fails to live up to its promise to stop pilfering corporate trade secrets, as America's spy chief predicts, the U.S. could still benefit diplomatically from the two nations' cybersecurity agreement.
The commoditization of attack infrastructure and services in the cyber-criminal underground, and the low cost and ease of launching targeted attacks, are growing concerns that require new defense strategies, says Trend Micro's Raimund Genes.
It's been two years since enforcement of the HIPAA Omnibus Rule's modified breach notification requirements began. But the most significant changes in the federal tally of major health data breaches since then appear to have more to do with a surge in hacker activity than the new requirements under HIPAA Omnibus.
The hotel chain bearing 2016 U.S. presidential candidate Donald Trump's name has confirmed that its point-of-sale systems were malware-infected for more than a year, but it's downplaying the possibility that card data was exfiltrated or used to commit fraud.
The traditional Security Operations Center is out, and the new Security Intelligence Center is in. Greg Boison of Lockheed Martin tells how security leaders are winning business support for this evolution.
President Obama, in reaching any type of cybersecurity accord with Chinese President Xi Jinping, should borrow from the diplomacy he used to reach the Iranian nuclear agreement: Get the best deal possible and then distrust but verify.
Federal auditors say a data repository used for data analysis and reporting for the Affordable Care Act, better known as Obamacare, had numerous data security shortcomings that have since been addressed. Security experts say the problems cited are common to many organizations.
The severity of the U.S. Office of Personnel Management breach continues to grow, with investigators now reporting that hackers stolen 5.6 million people's fingerprint data. The theft may have security implications well into the future.
The attacks have evolved, breaches have multiplied, and serious security gaps have been exposed. But what most concerns FireEye President Kevin Mandia? The rise of nation-states as leading threat actors.
A former wealth management adviser at Morgan Stanley pleaded guilty this week to stealing confidential client information. Some fraud-prevention experts say the investment banking firm could have taken steps to detect the suspicious insider activity sooner.
For years, information security experts have been warning users to create complex, unique passwords, and organizations to secure them properly. But an analysis of 12 million cracked Ashley Madison passwords shows how much we're still failing.
A lawsuit has been filed in the aftermath of a hacker attack on Excellus BlueCross BlueShield that potentially exposed information on 10.5 million individuals. Meanwhile, an Illinois court has dismissed more claims in the consolidated case against Advocate Health in the wake of a 2013 breach.
Building better relationships between organizations' privacy and security teams and the workforce, as well as between covered entities and their business associates, is essential to improving patient data security. That was a key theme at last week's Healthcare Information Security Summit in San Francisco.
Too often, individuals who fail to take the proper steps to secure IT aren't punished for their reckless behavior. But should those who consistently fail to follow safe cyber hygiene be severely penalized for repeatedly falling for phishing attacks?