Organizations incorporating social media into their daily operations tend to have gaps in policies, and key aspects are often an afterthought, says attorney David Adler, who pinpoints areas to address.
Addressing cyber-attacks is not just a technology issue. It requires a holistic view from the entire organization, says ISACA's Jeff Spivey, who emphasizes the need for a framework approach to security.
Healthcare organizations aren't performing enough analysis of user behavior to detect possible insider threats, says security consultant Mac McMillan, who outlines the importance of auditing for abnormalities.
Healthcare organizations need to more closely monitor how staff members access patient information to minimize "insider threats" that could compromise privacy or lead to fraud, says security consultant Mac McMillan.
A conference hosted by the HHS Office for Civil Rights and the National Institute of Standards and Technology will provide insights on HIPAA Omnibus Rule compliance as well as other hot health data security topics.
Although there have not yet been any confirmed reports of financial fraud associated with a major data breach at the Utah Department of Health last year, the potential for costly fraud is huge, contends Al Pascual of Javelin Strategy and Research.
To retain their customers after a breach of sensitive information, organizations should take the extra step of calling those affected to offer free credit protection services, says security expert Brian Dean.