The Finnish security provider F-Secure concludes the attack e-mail doesn't look too complicated. In fact, it's very simple. But the exploit inside Excel was a zero-day attack at the time and RSA couldn't have protected against it by patching its systems.
Preliminary results of our inaugural Healthcare Information Security Today survey, which is still open for participation, show that only about half of healthcare organizations have a plan in place to comply with the HITECH Act breach notification rule.
We're pleased that two members of Congress have asked the Government Accountability Office to study whether federal regulators are adequately addressing the security risks involved in using wireless medical devices.
Experts advise healthcare organizations that are considering using cloud computing to ask vendors tough questions about privacy and security and carefully consider whether they need additional liability insurance coverage to address the risks involved.
Because social media pose significant risks to patient privacy, healthcare organizations need to develop detailed social media policies. But unfortunately, many organizations have yet to take that action.
Do patients really want to know the identity of every doctor, nurse, technician, intern, specialist, admin and consulting physician who ever viewed their records?
"There are still a lot of inexperienced people out there that are passing themselves off as experts," says Scott Laliberte, managing director of Protiviti, outlining the common challenges of penetration testing.
When economists dissected July's 0.1 point drop in overall unemployment, to 9.1 percent, they attributed the decline mostly to fewer people seeking work. But that's not the case for IT security professionals. There are few discouraged workers in the information technology occupation categories these days.
The HHS Office for Civil Rights should carefully consider comments received on its proposal to require healthcare organizations to provide patients with a complete list of everyone who has electronically viewed their information.
What Operation Shady RAT reminds us is not just how vulnerable our IT systems are, but how interconnected we are as a global society, and the fundamental role information technology plays.
"The timing and the targets point to China," says cybersecurity policy expert James Lewis. "Spying right before the Beijing Olympics and focusing on Southeast Asia reflects China's larger interests more than those of any other country."
Two electronic health records pioneers that already have earned federal EHR incentive payments stress that a robust risk management program should be an essential component of any movement from paper to electronic records.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing healthcareinfosecurity.com, you agree to our use of cookies.
