Chris Rohlf, Yahoo's penetration testing and red team leader, describes how he helps the company take a proactive security approach - and the skills required to get the job done.
A comprehensive review of security at the Utah Department of Health conducted in the aftermath of two data breaches, including a hacker attack, found 39 "high-impact" weaknesses. But experts say many of the cited shortcomings are common at other organizations.
When is a breach not a breach? When you can prove that sensitive data has not been accessed - even off a lost or stolen device. And the way to ensure that, says former prosecutor Stephen Treglia, is through Absolute Data & Device Security.
As the federal government moves forward with a long list of endeavors - including a "moonshot to end cancer" - focused on boosting medical innovations, it's critical that patient privacy and data security stay top of mind.
Cybercriminals are in mourning after the shocking announcement from Oracle that it will deep-six its beloved Java Web browser plug-in technology, owing to browser makers failing to support "standards based" plug-ins.
Despite their limited resources, smaller healthcare provider organizations must overcome "paralysis" and ramp up efforts to safeguard information systems or risk becoming potential gateways for breaches at larger organizations, says Michael Kaiser of the National Cyber Security Alliance.
Insurer Centene Corp.'s loss of unencrypted hard drives storing information on nearly 1 million individuals raises the issue of when encryption is appropriate and points to the need for all organizations to improve their tracking of IT inventory.
The Obama administration's initiative to move much of the U.S. federal government's security clearance responsibilities to the Defense Department from the Office of Personnel Management is receiving mixed reviews from security experts and lawmakers.
The Ukrainian energy sector is being targeted by fresh phishing attacks, the country's computer emergency response team warns. But it's not clear who's behind those campaigns, or a recent malware infection at Kiev's main airport.
It's time to start to think about the cybersecurity agenda for the 45th president of the United States, who takes office a year from this week. What's on your list of cybersecurity challenges the next president must tackle?
Extortion campaigns waged by cybercriminals are expected to become more damaging in 2016, putting additional pressure on CISOs to enhance protection of internal networks and educate employees about extortionists' techniques, says iSight Partner's John Miller.
Here's why the acquisition of rival threat-intelligence firm iSight Partners by breach investigation heavyweight FireEye makes sense, and why market watchers predict that other stand-alone intelligence firms will soon get snapped up.
Cyber insurance covers more than the cost of breaches of data privacy; it can play a role in protecting against the cost of a cyberattack that disrupts business operations, explains insurance specialist Tim Burke in this video interview.
A lawsuit filed against security firm Trustwave is raising questions about "PCI Professional Forensic Investigators" and how they are monitored by the PCI Security Standards Council. But experts say the onus is on companies, not the council, to ensure their security practices are adequate.
Why do we continue to be so stupid about how we use passwords? A review of 2015 data breaches finds that it's not just users of infidelity websites who remain reckless with their password choices.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing healthcareinfosecurity.com, you agree to our use of cookies.
