Leading the latest edition of the ISMG Security Report: The Department of Justice indicts Russians for allegedly running an industrialized troll factory designed to influence U.S. politics. Also, a feature in Australia's new real-time payment system could be abused by identity thieves.
Federal agencies recently gave medical research organizations and others an extra six months to comply with most provisions of the updated "Common Rule" regulations that aim to protect human subjects in research, including ensuring their privacy. What's the impact of the delay?
Iliana Peters has left the Department of Health and Human Services' Office for Civil Rights just months after she was named to replace the agency's former top HIPAA enforcer, Deven McGraw. Is OCR experiencing a HIPAA brain drain?
Google is prepping its Chrome browser to brand as "not secure" every site a user tries to visit that does not use HTTPS encryption by default. The move is meant to push more sites to use HTTPS to secure communications and help block eavesdropping and man-in-the-middle attacks.
Healthcare entities are increasingly considering user and entity behavioral analytics tools because their previous breach prevention and detection efforts have fallen short, says security expert Mac McMillan.
A new report from a Veterans Affairs watchdog agency on a guest Wi-Fi network that was set up at a VA medical center without coordination with VA IT officials to ensure security spotlights the risks and challenges that many healthcare entities face with so called "shadow IT."
Orwell got it wrong: People are less likely to surrender their privacy to a totalitarian state than to the lure of sharing holiday snaps, cat videos or the route and time they took for their latest cycling, jogging or kiteboarding outing, as captured by a wearable fitness device.
In one of the largest HIPAA settlements ever, federal regulators have signed a $3.5 million settlement with a Massachusetts-based healthcare organization that reported five small health data breaches in 2012 involving lost or stolen unencrypted computing devices.
Federal regulators are warning healthcare entities and business associates to take action to prevent becoming the next victim of cyber extortion, such as a ransomware attack. What are the recommended steps? And what other insights do experts offer?
Fitness app and website developer Strava has landed in hot water after publishing a global heat map that shows users' workout routes in aggregate. By doing so, the firm has inadvertently revealed military installation layouts and other sensitive information.
A class action lawsuit filed against Allscripts in the wake of a ransomware attack that recently disrupted patient care at hundreds of healthcare practices will spotlight a variety of critical security and legal issues, says Steven Teppler, the plaintiffs' attorney, in this in-depth interview.
How much does it cost to buy cybercrime-enabling products or services? Just $5 and up, security researchers say. Law enforcement agencies warn that small-time players as well as "serious and organized" crime rings are using cybercrime as a service to make illicit profits.