A Georgia-based orthopedic clinic has confirmed it's one of the victims of cyberattacks by "The Dark Overlord" hacker who recently posted for sale copies of stolen databases he says contain millions of records. But the clinic is tight-lipped about whether it was a victim of extortion.
As the Pokémon Go craze continues to take off, it's clear that when it comes to chasing virtual creatures through real-world locations, too many people fail to keep some common sense guidelines in mind.
A recently reported health data breach in Colorado offers a reminder that organizations must take precautions to prevent and detect data leakage involving current and former employees inappropriately using personal email.
France's data protection watchdog has slammed Microsoft Windows 10 for collecting excessive amounts of personal data and failing to use strong security controls. Under the country's data protection laws, Microsoft may now face up to $1.7 million in fines.
As Pokémon Go launches in Japan, the government's cybersecurity organization has issued a nine-point safety guide reminding players to beware of real-world and cybersecurity hazards when playing the augmented reality game.
The increase in breaches is having a positive impact on IT security employment, as headlines about one cybersecurity incident after another serve as recruiting tools for skilled cyber defense workers. The IT and IT security workforce reached record levels this past quarter.
Mobile health applications, wearable fitness trackers and even social media sites are creating new privacy risks for health information because the data collected, shared and used falls outside the regulatory scope of HIPAA, says Lucia Savage of the Office of the National Coordinator for Health IT.
The Joint Commission has delayed lifting its ban on clinicians using secure text messaging for patient care orders until it can collaborate with federal regulators to develop additional guidance for deploying the technology.
The federal agency that enforces HIPAA has been very busy lately, taking numerous steps to reiterate the importance of safeguarding patient data and stressing the need to prepare a breach response plan. But the agency still needs to improve transparency on breaches involving business associates.
Oregon Health & Science University says it has been slapped with a $2.7 million fine after HHS investigated two data breaches that affected a total of about 7,000 individuals. It's the eighth HIPAA-related settlement announced by HHS so far this year.
Some healthcare entities may be more likely than organizations in other sectors to pay extortionists to unlock data that's been encrypted in ransomware attacks because patients' lives are potentially at risk if data is unavailable, says security expert Kate Borten, who discusses risk management issues.
An analysis of the record of the U.K.'s new prime minister, Theresa May, on cybersecurity and online privacy and a report on efforts to create an antidote to ransomware highlight this edition of the ISMG Security Report.
Businesses on both sides of the Atlantic are lauding the new U.S.-EU Privacy Shield, which gives them a legal way to handle Europeans' personal data. But privacy rights groups have criticized the agreement for falling short of the EU's own privacy protections.
The Obama administration has unveiled a federal cybersecurity workforce strategy that calls for identifying, recruiting, developing, retaining and expanding "the best, brightest and most diverse cybersecurity talent" for federal service. But are those goals realistic?
The Department of Health and Human Services' Office for Civil Rights has notified 167 covered entities they've been selected for remote "desk audits" of their HIPAA compliance. But the audits will focus on only a handful of requirements.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing healthcareinfosecurity.com, you agree to our use of cookies.