Federal regulators have entered a $400,000 settlement with an organization that provides centralized corporate support services for a number of New England-area covered entities, citing the lack of an updated business associate agreement. What lessons can be learned from the settlement?
Most enterprises, when addressing mobile security, focus on securing applications, such as the devices' operating systems, or preventing the installation of malware. But NIST cybersecurity experts say organizations should take a much broader approach to ensuring mobile security.
A recent court ruling illustrates yet another way patient privacy can be compromised. A federal bankruptcy court slapped WakeMed Health and Hospitals with financial penalties for exposing patient information in filings it made for cases.
Yahoo's disclosure of 500 million stolen accounts, one of the largest-ever data breaches, comes after months of dark-web chatter that indicated the company may be the next victim following Twitter, LinkedIn and Dropbox.
A recent incident involving a vendor using a Boston clinic employee's credentials to inappropriately access patient data via a regional health information exchange illustrates the potential risks involved as the use of HIEs continues to grow.
A group of cybersecurity policymakers recommends a series of steps the U.S. federal government and the private sector should take to ensure that the nation will have enough cybersecurity specialists in the coming decade.
Three recent criminal cases involving hospital insiders who allegedly committed a variety of fraud, identity theft or egregious privacy violations that victimized patients highlight just how difficult it is to mitigate insider threats.
Cisco has patched another zero-day flaw stemming from the Shadow Brokers' leak of Equation Group tools and attack code. The technology giant warns that attackers have been exploiting the vulnerability.
Apple-FBI crypto debate update: A researcher successfully defeated an iPhone passcode using less than $100 in equipment. But the delicate procedure, if used on the San Bernardino shooter's iPhone, could have accidentally obliterated its data.
To help financial institutions better spot attempted fraud, the SWIFT interbank messaging network plans to begin offering voluntary "daily validation reports" to customers to flag unexpected senders, recipients or payments as well as unusually large payments.
The National Institute of Standards and Technology has issued a draft of a self-assessment tool that's designed to help enterprises gauge the impact and effectiveness of their cybersecurity risk management initiatives.
The Department of Health and Human Services is gearing up for its first-ever round of HIPAA compliance audits of business associates, and is also developing new guidance aimed at helping organizations deal with a surge in cyber threats.
Microsoft has released a slew of security fixes to patch critical vulnerabilities, including in its IE and Edge browsers. One zero-day flaw, fixed via a Microsoft Office patch, has been exploited in the wild for more than two years.
An undercover test by a federal watchdog agency found that previously identified process-related weaknesses persist that could potentially allow individuals to fraudulently enroll in subsidized health insurance programs via federal and state Obamacare online insurance exchanges.