The Department of Health and Human Services is seeking comments on how it can improve its security risk assessment tool, which is designed to help smaller organizations conduct assessments as required under HIPAA. Some critics have said the tool is too difficult to use.
A bipartisan group of senators is pushing a bill that would require CISA to identify and respond to vulnerabilities and threats that target industrial control systems. The House has already passed a similar measure.
A bipartisan group of senators introduced a federal breach notification bill Wednesday that would require federal agencies, federal contractors and organizations that are considered critical to U.S. national security to report security incidents to CISA within 24 hours of discovery.
New guidance from the National Institute of Standards and Technology spells out security measures for "critical software" used by federal agencies and minimum standards for testing its source code. The best practices could be a model for the private sector as well.
A proposed $2.7 million settlement has been reached in a lawsuit filed against the University of Pittsburgh Medical Center in the wake of a 2014 data breach that exposed tens of thousands of employees' personal information and resulted in tax fraud.
The U.S. has indicted four Chinese nationals working with the nation's Ministry of State Security in connection with an alleged hacking campaign conducted from 2011 to 2018 that targeted universities and government entities to obtain trade secrets, medical research and other intellectual property.
The Department of Commerce is restricting trade with four Russian IT and cybersecurity firms, along with two other entities, over concerns that these organizations pose a threat to U.S. national security.
Your data is leaking and it's at risk.
Data is a crucial and pervasive asset of any healthcare organization, but to safeguard your most
valuable information—as well as that of your patients—there needs to be a shift in the data security
strategy to protect what really matters: the data itself.
Your data is...
A greater level of cooperation is needed between the DOD and DHS to ensure that U.S. critical infrastructure is protected against various cyberthreats, according to an inspector general's report. The SolarWinds attack showed the need for more coordination between the two departments.
Two states have recently taken steps to bolster cybersecurity and data privacy protections. Connecticut has enacted a law designed to give certain legal protections to businesses that adhere to cybersecurity frameworks. And a new data privacy law in Colorado allows individuals to opt out of data collection.
In a new executive order, President Biden asks the FTC to establish new rules governing how tech firms can collect and use data from their customers as a way to offer more privacy protections for U.S. consumers. The order also looks to push the Justice Department to step up its antitrust enforcement.
Acting CISA Director Brandon Wales, Rep. Jim Langevin and many others will discuss the government's top priorities in addressing cybersecurity challenges at ISMG's Virtual Cybersecurity Summit: Government, to be held July 13 and 14.
Amazon's Alexa virtual assistant device and applications are unlawfully recording and storing highly sensitive and private conversations, including discussions of patient information, that were not meant to be recorded, four healthcare workers allege in a lawsuit seeking class action status.