Should federal regulators provide physicians with a free pass from having to conduct a HIPAA risk analysis or face a random HIPAA compliance audit if they implement a cybersecurity framework? That's what the AMA is proposing. Security experts weigh in with reactions.
Organizations need to carefully assess - and then verify - the data security controls their existing - and prospective - vendors have implemented, says privacy and security expert Rebecca Herold, who offers a range of vendor management tips in an in-depth interview.
Healthcare organizations must take several important steps to improve their risk management programs, but the most critical move is incorporating security into their system development lifecycles, says security expert Bob Chaput, a featured speaker at the HIMSS18 conference.
A government watchdog agency alleges that insurer Health Net of California has refused to cooperate in a security audit called for under a federal contract. Similar disputes often arise when healthcare organizations attempt to scrutinize the security practices of their vendors, some security experts point out.
Federal regulators are warning healthcare entities and business associates to take action to prevent becoming the next victim of cyber extortion, such as a ransomware attack. What are the recommended steps? And what other insights do experts offer?
Organizations in the Middle East and Central Asia are beginning to respond to the nuances of the evolving threat landscape in the region, says Tata Communication' Avinash Prasad in this exclusive interview.
A recent incident involving an Indiana hospital that publicly admitted to paying a $55,000 ransom to unlock data following a ransomware attack - despite having backup systems - highlights the need to test data recovery plans.
So what actions can we expect in 2018 from the Department of Health and Human Services' Office for Civil Rights as it enforces the HIPAA privacy, security and breach notification rules? Making a prediction is difficult, given all the changes at HHS.
Most of the criminal activity targeting today's enterprises originates at the endpoint, and the majority of modern breaches use known threats or vulnerabilities for which a patch already exists. For this reason, endpoint visibility must be complete and continuous.
As data breaches increase in scale and frequency, businesses must ensure an effective, swift and well-orchestrated response. To help them, ISMG on Wednesday and Thursday will host a Fraud and Breach Prevention Summit in Mumbai offering insights from 20 leading CISOs and many other experts.
Spear phishing is the common trigger to many of the most popular - and successful - targeted attacks. How can organizations improve their defenses? Jon Clay of Trend Micro tells how to better spot and stop spear phishing.
Every new cybersecurity regulation includes at least some emphasis on improving vendor risk management. But what happens when vendors balk at the extra degree of scrutiny required? Moffitt Cancer Center's Dave Summitt describes his risk-based approach to business associates.
The United Kingdom might be greater than the sum of its parts. But when it came to the WannaCry outbreak, some parts of the United Kingdom did less great than others. Here's how the governments and health boards of Scotland, Northern Ireland and Wales are responding.