What's it take to be a successful CISO? Mark Dill, former longtime information security director at the Cleveland Clinic, says it comes down to being patient, persistent and perceived as practical. He offers detailed career advice in this interview.
A modification to the HIPAA Privacy Rule designed to help identify those who are prohibited, for specific mental health reasons, from having a firearm will have little impact on most healthcare providers because it's so narrow in scope.
A power blackout that recently affected about 1.4 million Ukrainians has been tied to an espionage Trojan called BlackEnergy. The attack appears to be the first time that hackers have successfully used malware to help disrupt energy-generation systems.
Expect rebooted European Union data privacy rules to drive organizations worldwide to begin minimizing the amount of information they collect and store on individuals in 2016, both to protect privacy as well as minimize the impact of data breaches.
Is the agency that enforces HIPAA doing enough to make sure that organizations that have had multiple smaller health data breaches are taking steps to improve security?
To minimize the risk of business email compromise schemes and similar types of fraud, senior executives at businesses should avoid posting information about their activities on social media and other accessible forums, says security expert Chuck Easttom.
The year 2015 will be remembered for the surge in massive hacker attacks in healthcare. But what lessons can healthcare organizations and their business associates learn from these data breaches?
Boards of directors that figure out how to leverage cybersecurity as a strategic asset will give their organizations a strong competitive advantage, says Lance Hayden of Berkeley Research Group. "Security needs to be part of what the organization uses to competitively differentiate itself."
In the coming months, the Department of Homeland Security will implement a new cyberthreat information sharing law designed to help prevent breaches. But will the Cybersecurity Act of 2015 really make a difference?
In the healthcare sector in 2016, hackers will continue to threaten systems and networks - and possibly medical devices - while federal and state regulators expand and refine their data security enforcement activities.
Organizations in all sectors need to develop an "early warning system" to detect insider threats, says Scott Weber, managing director at the risk management firm Stroz Friedberg.
Improving breach detection and defenses involves much more than buying the latest technology, warns security expert Haroon Meer. "We keep moving on as we try to solve new, shiny problems, which we then half solve, but we still haven't completely solved problems that we knew about 20 years ago."
Without a doubt, 2015 was the year of the healthcare megabreach and a major turning point for the sector. The hacking incidents are a blaring wake-up call to safeguard patient data.
Four years after European criminals exploited EMV implementation vulnerabilities to steal an estimated $650,000, security experts say not all banks have adopted full fixes. But the payment card industry contends related mitigations are in place and working.
Organizations that discover they're victims of business email compromise exploits should immediately contact law enforcement officials to report the attacks to improve the odds of finding the perpetrators, says Assistant U.S. Attorney Camelia Lopez in this video interview.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing healthcareinfosecurity.com, you agree to our use of cookies.
