The National Security Agency is piloting a new program, as a result of the Edward Snowden incident, in which systems administrators with top-secret clearance can access certain secret documents only with the approval of another colleague.
A former respiratory therapist has pleaded guilty in an ID theft case involving more than 800 patient records. A security expert explains why detecting insider fraud can be difficult and offers prevention tips.
What can the Food and Drug Administration do to improve the security of medical devices? Sharon Finney, data security leader at Adventist Health System, offers her insights and also describes her organization's security efforts.
Under the new HIPAA Omnibus Rule, business associates and their subcontractors are now directly liable for HIPAA compliance. But what kinds of companies meet the definition of a business associate? Privacy attorney Stephen Wu explains.
Bruce McConnell, acting deputy undersecretary for cybersecurity, says he'll resign from the Department of Homeland Security on Aug. 10, making him the third senior cybersecurity official to leave DHS this year. He's seen as one of DHS's leading cybersecurity theorists.
After going back to the drawing board, federal advisers have reached their original conclusion: No special privacy or security policies are needed for non-targeted health data queries. Read their rationale.
Janet Napolitano's departure as homeland security secretary could have an adverse impact on the nation's cybersecurity policy, at least temporarily, considering the posts of deputy secretary and deputy undersecretary for cybersecurity remain vacant.
Texas Health Harris Methodist Hospital Fort Worth is notifying patients of a breach involving decades-old microfiche medical records discovered in a dumpster. This is the second healthcare breach affecting more than 100,000 individuals reported in recent days.
Addressing cyber-attacks is not just a technology issue. It requires a holistic view from the entire organization, says ISACA's Jeff Spivey, who emphasizes the need for a framework approach to security.