This could be a record year for HIPAA enforcement actions by federal regulators, both in the number of resolution agreements and in the size of financial settlements resulting from breach investigations, predicts privacy attorney Adam Greene.
Lucia Savage, chief privacy officer at ONC, explains how a new "interoperability pledge" taken by dozens of large electronic health record vendors and healthcare organizations will advance secure health data exchange as well as help patients to securely share their own health information.
The "industrialization" of cybercrime, remote-access attacks and mobile-banking application and online-browser overlay attacks are trends the financial industry should monitor this year, says George Tubin of IBM Security Trusteer.
It's springtime in San Francisco: cue the annual RSA Conference. Here are some notable trends that have already emerged from the event, ranging from ransomware and phishing attacks to hacker self-promotion and Facebook fakery.
As the first day of RSA Conference 2016 sessions wrapped up, ISMG's editorial team sat down to discuss their takeaways from sessions and interviews. Editors Tom Field, Tracy Kitten and Mathew Schwartz offer an RSA review.
As the first day of RSA Conference 2016 sessions was set to start, ISMG's editorial team sat down to discuss the event and what to expect from it. Editors Tom Field, Tracy Kitten and Mathew Schwartz offer an RSA preview in this video report.
The HHS Office for Civil Rights is making progress toward launching the long awaited next round of HIPAA compliance audits, which will consist mostly of desk audits. In a critical step, it plans to release its proposed new audit protocol in April, says Deven McGraw, OCR's deputy director of health information privacy.
A thriving market now exists to help cybercriminals recruit new talent, says Rick Holland of the threat intelligence firm Digital Shadows, which has been studying how cybercriminals advertise for new recruits - and the types of technology skills that are most in demand.
The cyberattacks that we've seen in the healthcare sector over the past year are starting to rewrite the rules for healthcare-related businesses in a way we really haven't seen before. How are you upping your game?
A federal magistrate in Brooklyn, N.Y., unlike another judge in California, has denied a request by federal authorities to force Apple to retrieve data from an iPhone, this time in a New York narcotics case.
A new report from California's attorney general says failure to implement 20 critical security controls constitutes a lack of "reasonable security." So, could failure to adopt controls pose a legal threat to organizations? Perhaps, under certain circumstances.
Despite the pervasiveness of data breaches, healthcare organizations are still playing catch-up on implementing strong, risk-based security programs, rather than focusing solely on HIPAA compliance, says David Finn of Symantec. He offers a preview of his session at the HIMSS 2016 Conference about a new survey.
The Department of Homeland security sees malware provenance - which identifies the attributes of malicious codes - as a way to complement its signature-based Einstein intrusion detection and prevention systems to find malware that infects IT systems.
To the list of vulnerable, Internet-connected devices - from routers and home alarms to baby monitors and toys - now add the world's most popular electric car: the Nissan LEAF. Nissan says a full fix is forthcoming.