The Centers for Medicare and Medicaid Services is creating a new position of chief risk officer in a multi-faceted effort to analyze and address problems with the troubled HealthCare.gov rollout. What are the security implications?
NSA Director Gen. Keith Alexander says the agency has taken 41 actions to prevent leaks by insiders in the wake of disclosures of classified documents about the agency's surveillance programs by former agency contractor Edward Snowden.
Lawmakers have raised concerns that the Food and Drug Administration hasn't been as forthright as it should in disclosing an October breach that exposed personally identifiable information of 12,000 to 14,000 individuals.
Managers at all levels must understand their responsibilities in providing role-based cybersecurity training, says Patricia Toth, a computer scientist at the National Institute of Standards and Technology.
The HHS Office for Civil Rights, which enforces HIPAA, has some compliance issues of its own to address, according to a new inspector general report. But OCR officials say they've been addressing those matters.
A letter from eight prominent online companies to President Obama and Congress calls for reform of government surveillance programs, outlining concerns about the way the NSA monitors online and telephone communications.
Mobile security is no longer about managing devices, says Ian McWilton of Moka5. The real trick is to secure corporate assets through containerization solutions that reduce costs and improve user experience.
Federal regulators plan to give healthcare providers an extra year to comply with requirements, including enhanced privacy and security measures, for Stage 2 of the HITECH Act electronic health record incentive program.
Healthcare providers and their business associates need to take steps to protect patient data as they would defend any other significant business asset, says David Holtzman, a former senior official at the agency that enforces HIPAA.
The theft of 2 million credentials reminds security professionals that their organizations are at risk because many employees use the same passwords and devices for personal and business purposes, data security lawyer Ronald Raether says.