To ensure their business associates have conducted a thorough risk assessment and other HIPAA compliance tasks, covered entities must have a solid vendor management program in place, says security expert Mac McMillan.
Despite their differences on certain issues, the Financial Services Roundtable and the Retail Industry Leaders Association have joined forces in an effort to prevent breaches by enhancing cybersecurity and threat intelligence sharing.
Security experts disagree about whether the breach of a refrigeration vendor is ultimately to blame for the network attack that compromised Target. Here, they explain their views.
Many business leaders lack a clear understanding of the value of identity and access management. CISO Christopher Paidhrin offers a scenario for how to make the case for an IAM investment.
The potential of governments messing with commercial IT security products - think China and the NSA - means organizations need to improve lines of communication to assure the integrity of the IT wares they acquire. ISF's Steve Durbin discusses mitigating supply-chain risk.
Whether reports that the National Security Agency entered into a secret contract with security provider RSA are true or not - and RSA says they're not - the reputations of all American security vendors have been tarnished.
President Obama met with technology company executives critical of his administration's surveillance program a day after a federal judge ruled that portions of the National Security Agency program could be unconstitutional.
A Senate committee will soon consider a patent reform measure that is less aggressive than a recently approved House bill designed to help stem the tide of patent infringement lawsuits that sometimes target security technologies.
NIST will soon start writing the "final" version of its cybersecurity framework, a guide to information security best practices for operators of the nation's critical infrastructure. But should it be beta tested?
For risk managers, an often overlooked step for minimizing supply chain risks is to continually monitor outsourcers and other third parties to address critical security issues, says the Information Security Forum's Steve Durbin.
As efforts to fix technical glitches on the HealthCare.gov website for Obamacare continue, taking steps to ensure security should be a top priority. Otherwise, efforts to build trust in the system will fail.
Tony Trenkle is stepping down as CIO at the Centers for Medicare and Medicaid Services as the troubled HealthCare.gov website for Obamacare continues to undergo major technical fixes.
Operators of media sites should consider adoption of the cybersecurity framework in the aftermath of the recent domain name systems attacks aimed at The New York Times and Twitter.
In the wake of domain name systems attacks aimed at The New York Times, Twitter and other media sites, experts say security professionals in all fields should take specific mitigation steps.
An important aspect of HIPAA Omnibus Rule compliance for covered entities as well as business associates and their subcontractors is policing what privacy attorney Gerard Stegmaier calls "the data supply chain."