What steps can smaller organizations and their vendors take to ensure security and regulatory compliance? They must transcend what researcher Wendy Nather calls the 'Security Poverty Line.' See how.
President Obama uttered the term "cyber" only once in his 7,200-word State of the Union address Tuesday night, but that fleeting moment about an hour into the speech could prove significant.
"It's a crime like no other crime," says James Ratley, president of the ACFE, describing fraud. "There was not a gun involved, there was not a knife; there was in many cases a ballpoint pen or a computer."
The Privacy and Security Tiger Team, which advises federal healthcare regulators, likely will not meet again until after a batch of new regulations is released in the first quarter, says co-chair Deven McGraw.
"Accountability for security and privacy in public cloud deployments cannot be delegated to a cloud provider and remains an obligation for the organization to fulfill," NIST Computer Scientist Tim Grance says.
One reason why encryption is not more broadly used in healthcare is that so many organizations lack an updated risk assessment that identifies the role the technology can play in improving security, says attorney Amy Leopard.
Bringing Your Own Device raises jitters among employers, who worry about exposing or losing sensitive data, and employees, who fret about their bosses spying on them. Despite these anxieties, the trend will continue because that's what people want.
IT security leaders rely on penetration testing to determine whether applications are secure. But penetration tests can't be a primary source of assurance, says Jeff Williams, co-founder of OWASP.
With the tardy addition of the Sutter Health breach, the federal "wall of shame" tally of major healthcare information breaches now includes 385 incidents affecting more than 19 million individuals since September 2009.
Federal regulators are offering a hint about which of the pending rules affecting healthcare information privacy and security will be the first to be issued this year.
The recent breach that affected 24 million customers of Internet retailer Zappos.com should lead others to consider how much client information to store, says cybersecurity expert Fred H. Cate.
Does the U.S. government's shuttering of the file-sharing website Megaupload.com show that new laws are not needed to battle intellectual property piracy? Brookings's Allan Friedman believes it does.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing healthcareinfosecurity.com, you agree to our use of cookies.
