A $400,000 federal penalty stemming from the investigation of a breach at a clinic owned by Idaho State University is the latest example of how even relatively small security incidents can trigger hefty sanctions.
Under HIPAA Omnibus, business associates are now directly liable for HIPAA compliance. But covered entities need to take steps to ensure their BAs are, indeed, HIPAA compliant, says privacy attorney Stephen Wu.
Security specialist David Newell outlines common pitfalls healthcare organizations need to avoid when conducting a risk analysis - such as focusing on an insufficient, narrow HIPAA compliance assessment.
A key difference between state-sponsored espionage and organized criminals or hacktivists is the level of persistence and determination to break through defenses. Here's advice from security experts on defending against nation-state attacks.
Payment data and personal information are both attractive targets for criminals, says breach investigator Erin Nealy Cox of forensics firm Stroz Friedberg. Learn why she says card data isn't the only lucrative target.
A Defense Department report to Congress says China could use the targeted information to benefit its defense and high-technology industries as well as give Chinese policymakers a clear picture of U.S. leadership thinking on key China issues.
Mark Weatherford, who recently stepped down as DHS deputy undersecretary for cybersecurity, says that although planned OpUSA DDoS attacks may initially be a nuisance, they represent a genuine long-term threat to the government.
NIST's Ron Ross, a big NASCAR fan, likens new security controls guidance to the tools race-car builders use to prevent drivers from breaking their necks when crashing into a brick wall at 200 miles an hour.
NIST's Donna Dodson is leading a federal government effort to take hundreds of suggestions from the private sector to create an IT security best practices framework that critical infrastructure operators could voluntarily adopt.
Expanding the use of encryption is a top breach prevention step for 2013, the Healthcare Information Security Today survey confirms. And CISO Eric Cowperthwaite says a risk assessment is essential for setting encryption priorities.
The Boston Marathon tragedy is yet another reminder to organizations to develop alternative ways to communicate with employees during such emergencies. Otherwise, they could put their organizations' continuity plans at risk.
Improving regulatory compliance and security training, as well as detecting and preventing breaches, are top priorities for 2013, the Healthcare Information Security Today survey shows. Sharp HealthCare CIO Bill Spooner tells why those issues are critical.