Despite their limited resources, smaller healthcare provider organizations must overcome "paralysis" and ramp up efforts to safeguard information systems or risk becoming potential gateways for breaches at larger organizations, says Michael Kaiser of the National Cyber Security Alliance.
A federal official's comments this week that the government is "ending" the HITECH Act's "meaningful use" incentive program for electronic health records is raising numerous questions, including what's next for health data privacy and security regulations.
The discovery of a serious remote code execution flaw in Trend Micro's consumer security software - now patched - is a reminder that even security software has code-level flaws. But shouldn't security vendors be held to a higher standard than others?
The primary mission of the new Global Cyber Alliance is to identify measurable ways to mitigate cyberthreats facing the public and private sectors, says Phil Reitlinger, a former DHS official and Sony CISO, who heads the new group.
Reports on the Ukrainian energy supplier hack have left many crucial questions unanswered: Who was involved, did malware directly trigger a blackout and are other suppliers at risk from similar attacks? Cybersecurity experts offer potential answers.
You made this mess, now you'll clean it up. That's the security message of the Federal Trade Commission's settlement with Oracle over its failure to update or eliminate older, insecure - and actively targeted - versions of Java.
To guard against health data breaches, healthcare organizations must demand more proof that their business associates are safeguarding patient data and mitigating related risks, says privacy and security expert Daniel Schroeder.
In its sixth HIPAA resolution agreement so far in 2015, the HHS Office for Civil Rights has announced a settlement with the University of Washington Medicine that includes a $750,000 penalty. It's the first HIPAA enforcement case stemming from the investigation of a phishing-related breach.
TalkTalk's confusion in the wake of its recent data breach, as well as mangling of technical details and failure to encrypt customer data, demonstrate the importance of having an incident-response plan ready in advance of any breach, experts say.
As the Department of Health and Human Services gears up for its second round of HIPAA compliance audits, the focus will shift to using these audits for potential enforcement actions, including financial settlements, predicts attorney Anna Spencer.
The National Institute of Standards and Technology has issued a Guide to Application Whitelisting that provides step-by-step instructions on deploying automated application whitelisting to help prevent malware from accessing IT systems.
The so-called 30-day cybersecurity sprint championed by Federal CIO Tony Scott has resulted in a strategy and implementation plan for federal government civilian agencies that focuses on a defense-in-depth approach to IT security.
FBI Director James Comey's declaration that the Obama administration will not pursue legislation to require vendors to create a backdoor that would permit law enforcement to circumvent encryption on mobile devices isn't the end of the matter.