People, as much as anything else, are a critical aspect of information risk management, and businesses and government agencies must monitor employees - and educate them, as well - to thwart a potential threat from within.
The Department of Veterans Affairs' effort to expand use of smart phones and tablets won't pick up speed until after it implements an enterprisewide mobile device management system to monitor the devices, says CIO Roger Baker.
"It's a crime like no other crime," says James Ratley, president of the ACFE, describing fraud. "There was not a gun involved, there was not a knife; there was in many cases a ballpoint pen or a computer."
The Privacy and Security Tiger Team, which advises federal healthcare regulators, likely will not meet again until after a batch of new regulations is released in the first quarter, says co-chair Deven McGraw.
"Accountability for security and privacy in public cloud deployments cannot be delegated to a cloud provider and remains an obligation for the organization to fulfill," NIST Computer Scientist Tim Grance says.
With the tardy addition of the Sutter Health breach, the federal "wall of shame" tally of major healthcare information breaches now includes 385 incidents affecting more than 19 million individuals since September 2009.
Another guilty plea has been entered in a $200 million Medicare fraud scheme that involved bogus therapy sessions for the elderly in the Miami area. With the plea by Sandra Jimenez, nine defendants have now either pleaded guilty or been convicted at trial.
Hospitals and other covered entities looking for insights on how to prepare for a HIPAA compliance audit -as well as prevent breaches - should build a self-audit approach based on the findings of a recent government report, says attorney Timothy McCrystal.