Some experts are concerned that the Department of Health and Human Services' Office for Civil Rights isn't taking bold enough action in stepping up its efforts to enforce HIPAA. Learn more about their areas of concern.
New York State Attorney General Eric Schneiderman proposes updating state law to require businesses, including out-of-state firms with New York customers, to implement new safeguards to protect personal consumer data they store.
ENISA - the EU agency responsible for bolstering European cybersecurity practices - is calling on Internet infrastructure providers to adopt best practices for combatting routing threats, DNS spoofing and poisoning attacks, as well as DDoS disruptions.
CISOs are moving from being entrenched in technology issues to becoming more involved in top-level business matters, which requires new skills, says George McCulloch, who leads the new Association for Executives in Healthcare Information Security.
The FBI's attribution of the attack against Sony Pictures Entertainment to North Korea was based, in part, on NSA intelligence gleaned from the agency having infected a significant number of North Korean PCs with malware, a news report says.
The inappropriate use and disclosure of patient information for marketing purposes by an insurer in Tennessee offers a reminder of the importance of complying with HIPAA's marketing-related provisions.
President Obama says he sees the need for law enforcement to gain access to terrorists' encrypted data, but stops short of calling for a law to require manufacturers to provide a so-called "backdoor" to break encryption on mobile devices.
An increasing number of cyber-attacks are not being launched by governments - or their intelligence services - but rather by opportunistic mercenaries offering "espionage-as-a-service," according to a new report.
The U.S. and U.K. plan to hold "cyber war games" to help them prepare for defending against online attacks. Meanwhile, hackers have targeted 19,000 French websites with DDoS attacks and defacements since the Paris massacre.
Weeks after confirming its review of a data breach that occurred during a routine regulatory exam, a financial regulatory agency now says it will pay $50,000 to help cover the affected institution's breach-related expenses.
The grocery store chain Safeway has been ordered to pay a penalty of almost $10 million as part of a settlement with California prosecutors related to improper disposal of confidential pharmacy records and hazardous waste in dumpsters.
India currently has 22,000 information security professionals, but needs 800,000 by 2020. Can the government's scheme bring in the necessary skills? What is the risk to business if these roles aren't filled?
Following the Paris terror attacks, the French government plans to strengthen its surveillance laws, while the British prime minister has promised to allow intelligence agencies to penetrate any encrypted communications.
The president's proposal would provide stronger privacy protections than legislation passed by the House in the last Congress, and furnish targeted liability protections to businesses that share cyberthreat information.