A draft of revised guidance from NIST drops a cryptographic algorithm the NSA is said to have used to circumvent encryption that shields much of global commerce, banking systems, medical records and Internet communications.
A recent inaugural healthcare cybersecurity drill offers a number of lessons, including that many organizations need to improve how they process cyberthreat intelligence and share that information internally and externally.
As a result of the HIPAA Omnibus Rule's new breach notification guidelines that went into effect last year, business associates need to take certain steps when notifying covered entities of incidents, says security expert Brian Evans.
Two weeks after the launch of Heartbleed.com, traffic to the site remains strong and tweets still flow at a brisk pace. Site creator Codenomicon is helping IT practitioners to mitigate the OpenSSL flaw - and attracting customers, too.
Within one day of the disclosure of the flaw known as Heartbleed, an attacker posing as an authorized user broke into a corporate computer system, exploiting the vulnerability in the OpenSSL protocol, the breach detection firm Mandiant says.
As federal regulators reveal details for the next phase of HIPAA compliance audits, security and privacy experts give the plan mixed reviews. Find out what experts like and don't like about the proposals.
While the 2014 Healthcare Information Security Today survey indicates more healthcare entities are performing HIPAA security risk assessments, smaller providers and business associates are still struggling with this task, says security expert Kate Borten.
Although access to electronic health information is expanding to more users, including patients, many healthcare organizations are still reluctant to use advanced methods of authentication, says Jeff Cobb, CISO at Capella HealthCare.