Privacy Attorney Lisa Sotto says the Epsilon e-mail breach is a warning about the state of data security employed by some third-party service providers. Strong contracts related to security practices must be the norm, not the exception.
Let's hope the final version of the Federal Health IT Strategic Plan for 2011-2015 contains more details about new privacy and security initiatives than the draft that was recently issued.
After the revelation of Operation Aurora, the term began to take on a different meaning. "In essence," IBM's X-Force report says, "APT became associated with any targeted, sophisticated or complex attack regardless of the attacker, motive, origin or method of operation."
Three recent breach incidents, each involving the loss or theft of back-up drives, illustrate that some organizations are doing a better job than others in informing consumers about the steps they're taking to prevent more breaches.
There are some encouraging signs that stage two criteria for the HITECH Act's electronic health record incentive program will include substantial privacy and security requirements.
This kind of problem happens to everybody, says Marcus Ranum, CSO of Tenable Network Security, in response to the widely publicized breach at RSA. And maybe hes right. Perhaps this kind of problem does happen to everyone. But should it?
Phishing represented more than half of the 107,439 cyber incidents compiled by the U.S.-CERT for fiscal year 2010 from federal, state and local governments, commercial enterprises, American citizens and foreign CERT teams.
The American National Standards Institute is teaming up with the Shared Assessments Program to create a report offering healthcare information breach prevention tips.
Chief information security officers must gain buy-in from every business unit for a risk management framework, says Jim Murphy of Caritas Christi Health Care System.
RSA executives haven't been commenting publicly since the security solutions vendor revealed last week it had been victimized by a sophisticated cyberattack aimed at its SecurID two-factor authentication product. But weeks before the hack, I spoke with RSA Chief Technology Officer Bret Hartman about advanced...
Fraud, risk management emerging technologies -- these issues know no boundaries. That's why we're launching a series of new international BankInfoSecurity sites to draw proper attention to local issues that impact the global banking industry.
"This is not a record of success; whatever we are doing is not working," says James Lewis of the Center for Strategic and International Studies. "As a nation, despite all the talk, we are still not serious about cybersecurity."
Roundup of news and insights from the National HIPAA Summit, including the announcement that state attorneys general soon will receive training on how to file federal civil lawsuits for HIPAA violations.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing healthcareinfosecurity.com, you agree to our use of cookies.
