Exasperated House Oversight Committee Chair Jason Chaffetz faults OPM Director Katherine Archuleta for not embracing a 2014 inspector general recommendation to shutter unauthorized IT systems that hackers eventually breached.
The recent string of hacker attacks in the healthcare sector is a reminder of the need for organizations to re-assess whether they're following best practices to secure remote access to sensitive data, says security expert Gary Glover.
Forget attributions of the German parliament malware outbreak to Russia, or Chancellor Angela Merkel's office being "ground zero." The real takeaway is the Bundestag's apparent lack of effective defenses or a breach-response plan.
A new Obama administration cybersecurity initiative isn't placing new burdens on federal government agencies; it's aimed at getting them to comply with recommended safeguards they've failed to implement.
When it comes to health data breaches, business associates are again grabbing headlines, calling attention to the importance of scrutinizing vendors. The latest incident involves a breach that wasn't reported to a covered entity for eight months.
The investigation into the U.S. Office of Personnel Management breach has reportedly found that foreign spies may have stolen deeply personal information on up to 14 million current and former federal workers, going back three decades.
At ISMG's Healthcare Information Security Summit, a CIO and two CISOs offered insights on winning CEO support for information security spending as well as building a culture of security. Find out what they had to say.
Medical Information Engineering, which offers Web-hosted EHRs as well as personal health records, reports a hacker attack has exposed an undisclosed number of patients' health information and Social Security numbers.
A massive breach at the U.S. Office of Personnel Management wasn't discovered by government sleuths - or the Einstein DHS intrusion detection system - but rather during a product demo, a new report says.
In addition to providing training, healthcare organizations should consider implementing technology to help prevent user mistakes that can lead to breaches of protected health information, says Geoffrey Bibby of ZixCorp.
Keeping track of missing devices is a critical aspect of information security. Ali Solehdin, senior product manager at Absolute Software, discusses Computrace, which helps organizations secure endpoints and the sensitive data those devices contain.
With regulators gearing up to begin the next phase of HIPAA compliance audits, many covered entities appear to be overconfident about passing that scrutiny, according to the results of ISMG's latest Healthcare Information Security Today survey.
Too few security systems interoperate, which makes it difficult for organizations to block or detect data breaches. But Cisco has an interoperability plan to improve the state of cybersecurity defenses, Chief Security Architect Martin Roesch says.