In the latest "Proof of Concept," Chris Hughes, co-founder and CISO of Aquia, join editors at ISMG to discuss the nuances around software liability, how organizations are integrating standards development practices, and guidelines for determining when a supplier qualifies for safe harbor.
Open-source software is pervasive in healthcare. It is used in critical systems such as electronic health records and components contained in medical devices. Federal regulators are urging healthcare sector firms to be vigilant in managing risks and threats involving open-source software.
Despite the high frequency of major health data breaches involving vendors, many healthcare sector entities remain lax in their approach to manage and reduce third-party security risk, said Glen Braden, CIO and principal of compliance auditing firm Attest Health Care Advisors.
A new guide from the Cybersecurity and Infrastructure Security Agency aims to help healthcare and public health sector entities get a much tighter grip on managing serious risks posed by the most troublesome types of vulnerabilities threatening the beleaguered industry.
New York State will soon seek public comment on sweeping new cybersecurity regulations for hospitals. The proposed rules would come with $500 million in requested funding to help the providers step up their security investments to comply with the new requirements.
Regulating AI is "like regulating Jell-O," said Massachusetts risk counsel Jenny Hedderman, but states are looking at regulating "areas of harm" rather than AI as a whole. In this episode of "Cybersecurity Insights," Hedderman discusses privacy, third-party vendor risk, and lawyers' use of AI.
The vast range of questionnaires used in the current third-party assessment process make the process ineffective because the questionnaires typically do not give the context required for specific organizations with unique needs, according to Darshan Lakha, head of cybersecurity at Vodacom Group.
The number of healthcare organizations and patients affected by a recent data theft at medical transcription firm Perry Johnson & Associates is expanding: The company now says the breach affected the sensitive information of about 9 million people.
Remote 3rd-party access is a particular problem in OT environments compared to IT environments, since OT often uses older legacy systems with longer replacement cycles. Consequently, the operators may not be familiar with using more advanced systems with remote connections as they more often work on-site.
Also, there...
Learn why a risk-based perspective on cybersecurity can be a game-changer for your organization. This new study conducted by the analyst firm Enterprise Management Associates (EMA) on behalf of ProcessUnity and CyberGRX is essential reading for every information security professional eager to remain at the forefront...
This white paper covers the disclosures required by the new SEC rules, the challenges these disclosures present to cybersecurity professionals and tips for managing these challenges with cybersecurity risk management software.
Newly passed cybersecurity rules from the SEC signal a renewed interest in regulating...
The financial services threat landscape is continually evolving. Matanda Doss, executive director of cybersecurity and technical controls at JPMorgan Chase, stressed the need to build security measures into an organization's infrastructure, starting with critical assets.
Post pandemic, remote and hybrid workforce models have become the new norm. However, this wholescale shift to remote work is providing low hanging fruit for hackers’ intent on taking advantage of vulnerabilities created when organizations rush to virtually connect remote workers to the workplace.
Unfortunately,...
Remote third-party access is a particular problem in OT environments compared to IT environments, since OT often uses older legacy systems with longer replacement cycles. Nicolas Moskal provides a demonstration of practical solutions to overcome these challenges.
Five regional hospitals in Ontario still have no access to patients' electronic health records and other critical data nearly two weeks after an attack on their shared IT services provider. Ransomware group Daixin Team claims it stole more than 5.6 million patient records in the attack.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing healthcareinfosecurity.com, you agree to our use of cookies.
