New research says more than 25 percent of consumers hit by a data breach later become victims of identity fraud - especially when payment card information is exposed. Javelin's Al Pascual shares analysis.
State and local agencies that must comply with federal regulations have complained that they can be befuddled by privacy requirements that could limit the effectiveness of their information sharing systems.
As a result of the HIPAA Omnibus Rule, which broadens the number of organizations that must meet privacy and security requirements, demand for infosec pros in healthcare is higher than ever. Where is the greatest need?
Security and IT leaders, including John Halamka, are calling attention to the difficulty of complying with a HIPAA Omnibus provision about not passing along certain patient information to insurers. What are their concerns?
Two more cases of identity theft at hospitals shine a light on how patient information can be stolen to commit fraud. But healthcare organizations can take steps to help prevent these kinds of breaches.
Several consumer advocates say they're pleased that the HIPAA Omnibus Rule strengthens patient privacy protections and helps ensure patients can obtain their records. Learn about what they like - and dislike - in the rule.
How can security pros help organizations prevent breaches and data loss? The Online Trust Alliance has released its latest guide to data protection and breach readiness, and OTA founder Craig Spiezle offers tips.
Although suggestions in a new Federal Trade Commission staff report do not have the force of law, they do provide guidance on how the agency could enforce American federal laws and regulations to protect the privacy of users of smart phones and tablets.
Privacy and security leaders, including John Houston at University of Pittsburgh Medical Center, are evaluating the changes needed to comply with the HIPAA omnibus final rule. Find out what's on their to-do lists.
A Montreal computer science student accessed, without authorization, an IT system to check if a software vulnerability he discovered had been remedied. This case raises the question: When, if ever, is such unauthorized action justified?