Inspector General Russell George says hackers would have had a tougher time breaching the IRS "Get Transcript" system if the agency had implemented IG recommendations, but he stops short of saying the safeguards would have prevented the hack.
In assessing risk, computer security has three characteristics: confidentiality, integrity and availability. But not all of those traits help systems designers assess privacy risks. So NIST is developing a privacy risk management framework.
Some healthcare associations are seeking more clarity from federal regulators about security and privacy requirements proposed for Stage 3 of the HITECH Act "meaningful use" incentive program for electronic health records. Find out their concerns.
The Senate has moved closer to approving the USA Freedom Act, with a vote expected in the coming days on the House-passed legislation to provide for surveillance of Americans' phone records with approval of a court order.
Another large hacker attack has been revealed in the healthcare sector. But unlike three recent big cyber-attacks, which targeted health insurers, this latest breach hit a healthcare provider organization. Experts weigh in on mitigation steps.
Five best practices noted in version 3.0 of the PCI Data Security Standard will become requirements after June 30, with remote access and third-party risks the key focus - particularly for smaller merchants.
Using personal information gained from third-party sources to circumvent authentication protections, hackers breached 100,000 accounts of taxpayers who had used the IRS's "Get Transcript" application, which has been temporarily shuttered.
MasterCard's breach settlement with Target has been derailed after not enough card issuers agreed to the terms. Now MasterCard is expected to attempt to renegotiate, while banks continue with a class-action lawsuit against the retailer.
A U.S. Department of Commerce proposal to restrict the export of so-called "intrusion software" to prevent foreign adversaries from acquiring zero-day exploits has raised concern in the developer community.
The 21st Century Cure bill, designed to advance medical research and innovation, has passed another Congressional hurdle without any revisions to controversial provisions that call for significant changes to the HIPAA Privacy Rule.
While the "Logjam" vulnerability raises serious concerns, there's no need to rush related patches into place, according to several information security experts. Learn the key issues, and how organizations must respond
Although the CareFirst BlueCross BlueShield breach is the third major hacker attack against a health insurer revealed in recent months, experts warn that other organizations, including health information exchanges, could be targeted next.