Will federal regulators finally tackle long overdue rulemaking related to a HITECH Act provision calling for the Department of Health and Human Services to share money collected from HIPAA settlements and penalties with breach victims?
With enforcement of the EU's GDPR set to begin on May 25, Australian organizations vary in readiness. Steve Ingram of PwC says it's not too late for companies to prepare for GDPR, but it will be too late to ask regulators for forgiveness if something goes wrong.
Following the disclosure of a flaw in the website of LocationSmart that could have been easily exploited to track the location of cellular phone users throughout the U.S. in real time, the Federal Communications Commission has referred the matter to its enforcement bureau for investigation.
The EU's General Data Protection Regulation, which will be enforced beginning May 25, has significant implications for how financial institutions worldwide handle customer data, says Brett King, CEO of Moven, an all-digital bank, who sizes up the challenges.
Strict HIPAA compliance is a great preparation for compliance with the European Union's General Data Protection Regulation, which will be enforced starting May 25, according to attorneys Robert Stankey and Adam Greene, who provide compliance insights in an in-depth interview.
Following reports about U.S. companies that enable government and other users to access real-time tracking information for all major U.S. wireless carriers' subscribers, provider Securus Technologies has reportedly been hacked, while LocationSmart has fixed a data-exposing flaw.
Respiratory care provider Lincare Inc. has signed an $875,000 settlement of a class action lawsuit brought by current and former employees in the wake of a 2017 breach involving a business email compromise scam. The company was previously fined by federal regulators after another breach.
A security breach is always a sensitive topic - but especially so during a merger or acquisition. Ofer Israeli, CEO of Illusive Networks, discusses how deception technology can help prevent disruption by a cyberattack during M&A activity.
The Trump administration has eliminated the top cybersecurity coordinator role in the White House. The decision has earned a sharp rebuke from lawmakers and former government officials, who say cybersecurity demands a greater - not lesser - prominence in the federal government.
Federal regulators plan to craft a new proposal for revamping a HIPAA Privacy Rule provision for "accounting of disclosures" of electronic patient records. Updating that rule was mandated under the HITECH Act, but the modification has been in limbo since 2011.
Researchers at the University of Cambridge, via a myPersonality test on Facebook, reportedly used data from 3 million users to power a spin-off company that delivered targeted advertising services. Facebook says the app is one of 200 that it's suspended for suspicious data handling practices.
Chili's Grill & Bar is warning customers that an unknown number of payment cards were compromised at an unknown number of corporate-owned locations earlier this year for a period of time it suspects lasted two months. Should Chili's have waited to alert customers until it had more information?
Eduard Goodman, global privacy officer of CyberScout, doesn't like the disorganized way most cyber incidents are handled now. Instead, he would like to see a more project management approach. Here are the benefits he foresees.
Although the National Institutes of Health is implementing strong privacy measures as it begins its effort to enroll 1 million volunteers to contribute data to its "All of Us" precision medicine research project, there are still risks involved, says privacy attorney Kirk Nahra.
New York State Attorney General Eric Schneiderman, who resigned on Monday in the midst of a personal scandal, was known for being one of the nation's toughest state enforcers in cases involving breaches, privacy and fraud. So what happens next?