The Centers for Medicare and Medicaid Services is creating a new position of chief risk officer in a multi-faceted effort to analyze and address problems with the troubled HealthCare.gov rollout. What are the security implications?
NSA Director Gen. Keith Alexander says the agency has taken 41 actions to prevent leaks by insiders in the wake of disclosures of classified documents about the agency's surveillance programs by former agency contractor Edward Snowden.
Security analyst Doug Mackey says his discovery of a vulnerability in the Department of Veterans Affairs' VistA electronic health record system highlights the importance of software security testing.
Receiving a notification letter about a data breach brings home the reality of just how common these incidents are - and how much prevention work, including encryption, still needs to be done.
Lawmakers have raised concerns that the Food and Drug Administration hasn't been as forthright as it should in disclosing an October breach that exposed personally identifiable information of 12,000 to 14,000 individuals.
Managers at all levels must understand their responsibilities in providing role-based cybersecurity training, says Patricia Toth, a computer scientist at the National Institute of Standards and Technology.
The HHS Office for Civil Rights, which enforces HIPAA, has some compliance issues of its own to address, according to a new inspector general report. But OCR officials say they've been addressing those matters.
A letter from eight prominent online companies to President Obama and Congress calls for reform of government surveillance programs, outlining concerns about the way the NSA monitors online and telephone communications.
A breach potentially affecting hundreds of thousands of individuals insured by Horizon Blue Cross Blue Shield of New Jersey offers more proof that physical security is no substitute for encryption.
Mobile security is no longer about managing devices, says Ian McWilton of Moka5. The real trick is to secure corporate assets through containerization solutions that reduce costs and improve user experience.
The partial takedown of ZeroAccess, one of the world's largest botnets, is an example of the role that collaboration between business and law enforcement can play in battling cybercrime.
Federal regulators plan to give healthcare providers an extra year to comply with requirements, including enhanced privacy and security measures, for Stage 2 of the HITECH Act electronic health record incentive program.
Healthcare providers and their business associates need to take steps to protect patient data as they would defend any other significant business asset, says David Holtzman, a former senior official at the agency that enforces HIPAA.
The theft of 2 million credentials reminds security professionals that their organizations are at risk because many employees use the same passwords and devices for personal and business purposes, data security lawyer Ronald Raether says.
The IRS system that would allow eligible taxpayers to use refunds to help pay for health insurance under the Affordable Care Act wasn't built to detect fraud, a just-issued audit reveals.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing healthcareinfosecurity.com, you agree to our use of cookies.
