Can U.S. law enforcement use a warrant to seize emails stored outside the U.S. by a cloud services provider? That's the question the Supreme Court has agreed to consider next year. Microsoft continues to fight an order to turn over emails stored in an Irish data center.
An apparently misconfigured Amazon repository that exposed on the web medical data for approximately 150,000 patients serves as another important reminder of the need to protect cloud-based health information from being inadvertently accessible to the public.
A discussion with ISMG Security and Technology Editor Jeremy Kirk about his chat with the cyber gang "The Dark Overlord," which threatened some U.S. school districts with extortion, leads the latest edition of the ISMG Security Report. Also, an update on surging IT security employment.
A bipartisan group of five senators has asked a watchdog agency to produce "clear recommendations" for how to make sure the right patients are matched to the right records to help improve the quality of care and crack down on medical and identity fraud. But will that require a national patient identifier?
HHS has issued a draft five-year strategic plan that includes objectives for protecting "the safety and integrity of human, physical and digital assets." What does the plan say about privacy and security issues?
At the first of three Congressional hearings slated this week to examine the Equifax mega-breach, one Republican said of the company's delay in detecting the breach: "It's like the guards of Fort Knox forgot to lock the doors and failed to notice the thieves were emptying the vaults."
Hospitals and physicians need to ramp up their security scrutiny of electronic health records systems as a result of recent changes in the Department of Health and Human Services' certification of EHRs, says privacy attorney David Holtzman.
Freedom of Information requests sent to 430 U.K. local government councils by Barracuda Networks found that at least 27 percent of councils have suffered ransomware outbreaks. Thankfully, almost none have paid ransoms, and good backup practices appear widespread.
The deadly hurricane season has prompted federal regulators to issue several specific HIPAA waivers in recent weeks. But are such waivers really necessary? And what actions can healthcare providers take during a crisis even without a waiver?
A federal watchdog agency has announced it will scrutinize HHS's incident response capabilities as well as Obamacare's security controls. The agency has also issued a new report finding security gaps in Alabama's Medicaid information systems security.
Equifax is facing increased scrutiny from Congress, including a bill that would mandate free credit freezes for consumers, on demand. But a true fix would require Congress to give U.S. government consumer watchdogs more power.
Top IT security and information risk experts, including former RSA Executive Chairman Art Coviello, analyze the struggles Equifax faces in the wake of a massive data breach in the latest edition of the ISMG Security Report.
An ongoing series of Healthcare Security Readiness workshops reveals some key gaps in how healthcare organizations defend against cybercrime hacking. How should entities assess and mitigate these gaps? David Houlding of Intel shares insights.
A major operation to cleanse websites of digital certificates created under questionable circumstances is underway. Google has issued the orders: Purge digital certificates that were issued by Symantec before June 1, 2016.