A George Mason University research fellow says the cybersecurity framework, issued earlier this year by the National Institute of Standards and Technology, is likely to cause more problems than it solves.
The SEC is planning to conduct more than 50 examinations to assess cybersecurity preparedness in the securities industry. Experts assess what other sectors can learn from this effort.
The Government Accountability Office's Gregory Wilshusen is an empathetic IT security auditor, saying he understands why agencies don't always follow his recommendations. Read why.
While the 2014 Healthcare Information Security Today survey indicates more healthcare entities are performing HIPAA security risk assessments, smaller providers and business associates are still struggling with this task, says security expert Kate Borten.
Thorough documentation will be more important in the next round of HIPAA compliance audits slated to begin this fall because most will not involve onsite examinations, says privacy attorney Adam Greene.
President Obama has reportedly decided that the government shouldn't exploit encryption flaws, such as Heartbleed, in most instances unless there's "a clear national security or law enforcement need." But how should that need be determined?
New revelations that the NSA meddled with RSA encryption tools is raising concerns about the security of offerings not only from RSA, but other security product vendors, too.
The basis of any good security program is conducting a thorough and timely risk analysis; but that can be difficult for smaller healthcare organizations. That's why a federal agency will soon unveil an app designed to make the process easier.
Speculation surrounding the cause of the disappearance of Malaysia Airlines Flight 370 hasn't included the possibility of a cyber-attack. But one cybersecurity expert contends hacking an airliner is feasible.
Two Stanford University researchers are conducting a study using crowdsourcing to show that the NSA's culling of telephone metadata can reveal a lot about an individual. I joined the crowd to find out what the metadata says about me.
If Congress fails to enact a national breach notification law, the Obama administration could develop a set of voluntary best practices along the lines of its new cybersecurity framework.
Russia's offensive military actions in Crimea and its threats to the rest of Ukraine are raising concerns about how the conflict could play out in cyberspace.
The HIMSS 2014 Conference, to be held Feb. 23 to 27 in Orlando, will feature an impressive lineup of privacy and security educational content, plus updates from federal regulators. Check out the highlights.
Privacy notices are largely boring, confusing and ignored by patients. But federal regulators are holding a contest to spur development of patient-friendly, understandable notices to post online.
Security experts disagree about whether the breach of a refrigeration vendor is ultimately to blame for the network attack that compromised Target. Here, they explain their views.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing healthcareinfosecurity.com, you agree to our use of cookies.
