Regulations initially cause organizations to spend more funds on data breaches, but eventually those rules could save enterprises money, the Ponemon Institute's Larry Ponemon says in analyzing his latest study on breach costs.
Intermountain Healthcare deserves praise for its gutsy leadership on information security. It's calling attention to the value of thorough risk assessments, acknowledging its need to improve security and developing best practices to share.
Intermountain Healthcare stepped up its risk assessment efforts to better identify security issues and help ensure it can pass a federal HIPAA audit. Plus, it's developing security best practices to share with others.
Many healthcare organizations can improve their risk assessments by thinking about those evaluations in a new way, says privacy and security attorney Kirk Nahra.
An inspector general's audit of the Department of Veterans Affairs will highlight security control deficiencies in four key areas. Inconsistent enforcement of programs is a major concern.
Federal advisers are considering options for reinforcing the importance of risk assessments in the rules for Stage 3 of the HITECH Act's incentive program for electronic health records.
Making broader use of encryption is an important breach prevention strategy. But what's the best way to set encryption priorities? CISO Eric Cowperthwaite explains how a risk assessment plays a vital role.
News about data breaches is motivating more organizations to take steps to improve their security profiles, says Bill Spooner, CIO of Sharp Healthcare, who analyzes the results of the Healthcare Information Security Today survey.
A House panel establishes a bipartisan supply chain working group to explore the federal government's role in helping industry assure that IT and telecommunications wares they buy abroad are safe from exploits.
A $400,000 federal penalty stemming from the investigation of a breach at a clinic owned by Idaho State University is the latest example of how even relatively small security incidents can trigger hefty sanctions.
Under HIPAA Omnibus, business associates are now directly liable for HIPAA compliance. But covered entities need to take steps to ensure their BAs are, indeed, HIPAA compliant, says privacy attorney Stephen Wu.
Security specialist David Newell outlines common pitfalls healthcare organizations need to avoid when conducting a risk analysis - such as focusing on an insufficient, narrow HIPAA compliance assessment.
A key difference between state-sponsored espionage and organized criminals or hacktivists is the level of persistence and determination to break through defenses. Here's advice from security experts on defending against nation-state attacks.
Payment data and personal information are both attractive targets for criminals, says breach investigator Erin Nealy Cox of forensics firm Stroz Friedberg. Learn why she says card data isn't the only lucrative target.
A Defense Department report to Congress says China could use the targeted information to benefit its defense and high-technology industries as well as give Chinese policymakers a clear picture of U.S. leadership thinking on key China issues.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing healthcareinfosecurity.com, you agree to our use of cookies.