Does your organization really have a clear idea of what measures your business associates are taking to safeguard your most sensitive data? Yet another breach, this one affecting Arkansas Blue Cross Blue Shield, points to the risks.
With so much stolen PII available to fraudsters, it's time for banks and others to move to more sophisticated forms of authentication of customers' identities. Knowledge-based authentication is no longer reliable.
The GAO expects to make recommendations this fall for how enrollment controls on HealthCare.gov can be improved after a recent "undercover" test determined it was easy for 11 fictitious applicants to fraudulently enroll in subsidized Obamacare coverage.
The Office of Personnel Management is reportedly struggling with how best to notify 21.5 million individuals that their personal information was breached. Meanwhile, some lawmakers are voicing support for a proposal to provide lifetime ID theft monitoring for the victims.
After jumping by 33 percent in 2014, the number of Americans who consider themselves IT security professionals has remained flat for the first half of 2015, according to an examination of federal government employment data. That's bad news for employers seeking IT security pros to hire.
Blue Cross and Blue Shield plans' offer of extended ID protection to the more than 106 million individuals covered by their insurance could set new expectations for breach response, some security experts, including Ann Patterson, predict.
At a hearing on the role the Interior Department played in a recent breach at the Office of Personnel Management, the Interior deputy inspector general painted a picture of how a hacker might have breached the agency's computer system.
An international police operation has resulted in charges being filed against dozens of suspected cybercriminals, as well as the shuttering of the infamous hacking forum Darkode. But will the operation take a serious bite out of cybercrime?
Security researchers reported a zero-day bug to Microsoft - which has patched the flaw - after reverse-engineering details were contained in a bug hunter's sales pitch to hacked surveillance software vendor Hacking Team.
In the wake of several mega breaches affecting its affiliates, the Blue Cross Blue Shield Association says all 36 of its affiliated plans will offer free identity protection services for as long as individuals are enrolled in their insurance coverage.
After the OPM breach, the U.S. and China recently agreed to hammer out a cyber "code of conduct." But John Pescatore, a director at the SANS Institute, argues that governments would be better served by first jointly combating cybercrime.
The OPM breach is not just the biggest in U.S. government history. It's also likely a classic case of third-party risk management, says Jacob Olcott of BitSight Technologies. What are the key lessons to be learned?
Shed a tear for enthusiasts of aging Microsoft Windows operating systems. That's because Microsoft has now retired Windows Server 2003 support, as well as anti-virus scanner and signature updates for Windows XP. But breaking up can be hard to do.
To prepare for any type of information security audit, healthcare organizations must be ready to precisely demonstrate how they are assessing, prioritizing and mitigating risks, as a recent state audit of Roswell Park Cancer Institute reinforces.