In its second HIPAA enforcement action for 2017, HHS has slapped an insurer with a $2.2 million settlement in the wake of a relatively small breach, citing the company's lack of timely corrective action.
Although HIPAA requires healthcare organizations to conduct a periodic security risk analysis focused on systems containing PHI, larger entities should also perform more comprehensive security self-assessments, advises CISO David Loewy of SUNY Downstate Medical Center, who explains his approach.
The lack of a smoking gun - absolute certainty - has some security experts not entirely convinced that the Russians or their backers hacked Democratic Party computers in an attempt to sway the U.S. presidential election.
Coming soon to an internet service provider near you: routers infected by IoT device botnet-building malware such as Mirai. The latest victim is ISP TalkTalk, which is updating routers to block DDoS attackers who have been seizing control of the devices.
Hacker incidents continue to dominate major breaches reported to the Department of Health and Human Services. Among the latest incidents added to the HHS tally: an attack at an Atlanta clinic affecting more than 530,000 individuals. What can be done to address the risks?
Acknowledging the urgent IT security challenges the nation faces, a cybersecurity commission named by President Barack Obama encourages the incoming administration to adopt some of its recommendations in the first 100 days of Donald Trump's presidency.
In the 13th HIPAA enforcement action this year, federal regulators have slapped the University of Massachusetts Amherst with a $650,000 financial settlement and corrective action plan after investigating a relatively small 2013 breach involving a malware infection at a campus speech and language center.
Vulnerable firmware has been highlighted again in a range of low-cost Android phones, raising concerns over their security. This latest incident comes 11 months after security analysts first raised flags.
Federal regulators are urging healthcare sector organizations to reassess whether their authentication methods need strengthening to help prevent breaches. But does their advice go far enough in advocating multifactor authentication?
U.K. Chancellor Philip Hammond used the launch of Britain's new five-year National Cyber Security Strategy to trumpet the country's strike-back capabilities. But other parts of the strategy - including more automated defenses - hold much greater promise.
In recent weeks, many more hacker attacks - including some ransomware assaults - on healthcare entities large and small have been added to the federal tally of major breaches, continuing a trend that started in 2015.