Although access to electronic health information is expanding to more users, including patients, many healthcare organizations are still reluctant to use advanced methods of authentication, says Jeff Cobb, CISO at Capella HealthCare.
President Obama has reportedly decided that the government shouldn't exploit encryption flaws, such as Heartbleed, in most instances unless there's "a clear national security or law enforcement need." But how should that need be determined?
An analysis of the Target breach prepared for a Senate committee is a political document that might help its patron's agenda but doesn't go far enough to identify technical solutions to help enterprises avoid Target-like breaches.
Simple credentials, such as passwords, are a hacker's best friend, says Phillip Dunkelberger of Nok Nok Labs, a founding member of the FIDO Alliance. That's why the alliance is working to reduce reliance on passwords by enabling advanced authentication.
As patient portals become more common in 2014, healthcare providers will struggle to find a balance between implementing strong authentication practices and providing individuals with easy access to records, says privacy attorney Adam Greene.
To help reduce reliance on passwords, the FIDO Alliance is developing standard technical specifications for advanced authentication. Michael Barrett and Daniel Almenara of FIDO describe the impact the effort could have in 2014.
Hackers have pilfered some 2 million user passwords and credentials for Facebook and other social media and Internet sites, according to IT security provider Trustwave. The hackers attacked computers in about 100 nations.
Financial institutions and businesses in other sectors must continually collect information about their online customers to ensure stronger authentication, says Avivah Litan, a fraud expert and analyst for the consultancy Gartner.
Learn how the partial government shutdown is hampering a wide variety of important Department of Health and Human Services programs, ranging from patient privacy protection to disease outbreak detection.
Mitigating card risks associated with retail malware attacks and POS vulnerabilities is a focus of updates to the PCI Data Security Standard, say Bob Russo and Troy Leach of the PCI Security Standards Council.
Hackers allegedly trafficking in personally identifiable data have reportedly breached the computers of three major data aggregators, raising doubts about knowledge-based authentication as a tool to verify identity.