Based on the feedback it received, the Office of the National Coordinator for Health IT will consider making tweaks to its proposed Trusted Exchange Framework and Common Agreement, including provisions related to privacy and security, says ONC's Genevieve Morris.
HHS Office for Civil Rights Director Roger Severino told an audience at the HIMSS18 conference Tuesday that there will be "no slowdown" in the agency's HIPAA enforcement efforts. But he told ISMG following the presentation that there will be no phase 3 for HIPAA compliance audits.
In a groundbreaking prosecution, two individuals in Ukraine have been sentenced for running extortion campaigns that disrupted international victims' websites with massive DDoS attacks unless they paid bitcoin ransoms of up to $10,000.
Anyone who dined out at one of 166 Applebee's restaurants in 15 states may have had their payment card details compromised by point-of-sale malware infections that began in November 2017, RMH Franchise Holdings warns.
To keep up with the ever-evolving cyberthreat landscape, healthcare organizations must combine basic security principles with advanced technologies, Kristopher Kusche, CISO at Albany Medical Center, says in an interview at the HIMSS18 conference.
When working with cloud service providers, healthcare organizations must take responsibility for security practices rather than relying on the vendor, says Sonia Arista, a security consultant who formerly was CISO at Tufts Medical Center. She's a featured speaker at the HIMSS18 conference.
Healthcare organizations must take several important steps to improve their risk management programs, but the most critical move is incorporating security into their system development lifecycles, says security expert Bob Chaput, a featured speaker at the HIMSS18 conference.
Say hello to a new type of DDoS attack: UDP amplification via internet-facing servers running memcached, an open source distributed caching system that can be abused to amplify DDoS attacks by a factor of 50,000.
The U.K.'s National Cyber Security Center and Australian Cyber Security Center are using the "Have I Been Pwned" breach-monitoring service to centrally monitor for email addresses registered to government domains that appear in data breaches.
Many banking institutions boast of being "digital first" and enabling "omnichannel banking." But are they fully aware of the new fraud risks they also are inviting? Kimberly Sutherland and Kimberly White of LexisNexis Risk Solutions discuss how to mitigate omnichannel fraud.
User behavior analytics and data loss prevention tools are among the most promising yet underutilized or improperly implemented security technologies in healthcare, says security consultant Mark Dill, formerly of the Cleveland Clinic, a featured speaker at the HIMSS18 conference.
Equifax has identified 2.4 million U.S. consumers whose names and snippets of their driver's license numbers were stolen, adding to one of the worst breaches in history, which resulted in personal data for most U.S. adults being exposed.
Digital certificate vendor Trustico is facing a new crisis after a researcher tweeted about an apparent root-level access flaw in the company's website. The alert comes after Trustico's CEO admitted that his company was archiving private keys for digital certificates.
Leading the latest edition of the ISMG Security Report: President Trump has not authorized the National Security Agency to go after Russian election hackers at the source. Also, 23,000 digital certificates get revoked after their private keys get leaked, and an analysis of deception technologies.