The federal HIPAA compliance audit program won't resume until this fall at the soonest, says Susan McAndrew of the HHS Office for Civil Rights. She describes specific steps that organizations can take to prepare.
Extortionists employing telephony-denial-of-service attacks - a close relative to distributed-denial-of-service attacks - are targeting emergency communications centers that dispatch first responders.
Intel has added privacy to the portfolio of its top information security executive, Malcolm Harkins, who says too many information security professionals are "color blind or tone deaf" to privacy, wrongly thinking strong data protection provides privacy safeguards.
Attacks against Facebook, Twitter and other organizations over the past few months should send a message to business owners that they need to better fund cybersecurity, IT security expert Mischel Kwon says.
As organizations get ready to comply with the HIPAA Omnibus Rule, they also must scrutinize longstanding HIPAA compliance challenges. Experts highlight the key areas of concern.
The main takeaway from a House hearing this past week was that the biggest information security problem most small business operators face is that they're unaware they have an IT security problem.
How can healthcare providers help to ensure better medical device security? They need to put more pressure on device vendors at the time of procurement, says security researcher Kevin Fu.
Attorney Marcy Wilder explains why the HIPAA Omnibus Rule means many healthcare organizations will need to change their approach to determining if an incident is a breach that must be reported.
Conventional wisdom suggests China isn't interested in disabling industrial control systems in the U.S. After all, such an act would be against its own economic interest. But is that type of thinking right?
The Department of Health and Human Services conducts three types of audits or investigations involving privacy and security issues. But preparing for any of these inquiries requires similar steps, experts say.
Too many healthcare organizations conduct a HIPAA compliance assessment instead of a comprehensive risk analysis, says security specialist Dave Newell, who also points out other common mistakes.
The resumption of the HIPAA compliance audit program is on hold while regulators analyze pilot audit project results and implement the HIPAA Omnibus Rule, says Susan McAndrew of the HHS Office for Civil Rights.
The Cleveland Clinic is in continuous risk assessment mode, always on the lookout for emerging threats and vulnerabilities, says Mark Dill, director of information security. Learn about his top priorities.
John Stewart, chief security officer at network provider Cisco, says too many organizations develop IT security policies that are more complex than they need to be.
U.S. banks have been hit by a new wave of distributed-denial-of-service attacks, and experts say the botnet behind the attacks is getting stronger. Learn about the latest developments.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing healthcareinfosecurity.com, you agree to our use of cookies.
