In its second HIPAA settlement revealed this week, federal regulators smacked a New York-based medical research institute with a multimillion dollar penalty after investigating a breach tied to the theft of an unencrypted laptop containing data on several thousand patients and participants in a research project.
In revised guidance, the National Institute of Standards and Technology cautions enterprises to assume that "external environments contain hostile threats" as they establish programs to allow employees and contractors to remotely access critical systems.
Federal regulators have imposed a $1.55 million penalty on a Minnesota healthcare system as part of a settlement following an investigation of a breach involving a business associate. The vendor has already been sanctioned by two other government entities for the same stolen laptop incident.
Attackers have targeted an unknown number of Russia's 700 banks with bogus security-alert emails. The combination of official-looking infrastructure and digitally signed malware recalls the Anthem attack, among other campaigns.
Although most breach-related class action lawsuits fail, a multimillion dollar settlement of a suit stemming from a data breach at St. Joseph Health System in California illustrates how egregious breaches can have serious financial consequences.
Apple has unloaded another blistering legal response to the Justice Department over the court order obtained by the FBI that requires the company to help unlock an iPhone used by one of the San Bernardino shooters.
Growing worries about the use of the U.S. financial system to launder funds for terrorists has spurred proposals for new state and federal regulations aimed at tightening money-laundering controls. Attorney Lauren Resnick explains steps banks are taking to help detect suspicious activity.
In a lawsuit, two small merchants say they, and many other retailers, are unfairly being forced to pay fraud-related expenses as a result of the EMV liability shift even though they converted to EMV technology by the card brands' deadline. Fraud prevention experts analyze the implications of the case.
The system the Department of Homeland Security launched to enable the government and the private sector to share cyberthreat information has privacy shortcoming.
In an unusual twist, a missing unencrypted laptop containing data on nearly 206,000 patients has been returned by mail to Premier Healthcare, a physician group practice in Indiana. But some experts say the organization might have violated the HIPAA Security Rule.
A new report suggests that a Chinese cyber espionage APT attack group is behind a string of targeted ransomware infections that have slammed U.S. firms. Dig into the details, however, and the report is nothing but speculation, two security experts caution.
The HHS Office for Civil Rights is moving too slowly in issuing HIPAA guidance related to mobile health apps, cloud storage and other emerging technologies, according to a bipartisan group of congressmen. Does OCR have too much on its plate?
The Federal Trade Commission's review of how nine qualified security assessors scrutinize merchants' PCI compliance could be a sign that more federal oversight of payments security is on the way.
Without saying the word "backdoor," President Barack Obama used an appearance at the South by Southwest conference to argue that law enforcement agencies need weak crypto and likened strong crypto to "walking around with a Swiss bank account in [your] pocket."
Advanced attacks are out, while persistent, relatively simple attacks are in. Despite all of the APT hype in recent years, cybercriminals, and especially nation-state attackers, prefer to keep things simple. Information security experts explain why.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing healthcareinfosecurity.com, you agree to our use of cookies.