Latest

Data Breach

HIPAA Case: Hospital Fined for Ex-Employee's Access to PHI

Marianne Kolbasuk McGee  •  December 12, 2018

In its third enforcement action in recent weeks, federal regulators have hit a Colorado medical center with a HIPAA fine in a case involving failure to terminate a former employee's remote access to patient data. Other organizations can use the case as a "teachable moment," one attorney advises.

General Data Protection Regulation (GDPR)

GDPR: 8,000 Data Breach Reports Filed So Far in UK

Mathew J. Schwartz  •  December 10, 2018

The U.K.'s privacy watchdog says that six months after enforcement of the EU's General Data Protection Regulation began, it's seen a dramatic increase in data breach reports - as well as privacy complaints from the public.

►

Artificial Intelligence & Machine Learning

A CISO's View on Analytics in Healthcare Security

Tom Field  •  December 10, 2018

The marketers would have us believe that machine learning and behavioral analytics are the keys to unlocking the future of healthcare information security. But Vikrant Arora, CISO of the Hospital for Special Surgery in New York, offers a more practical outlook.

►

3rd Party Risk Management

Healthcare Responds to Need to Improve Vendor Oversight

Tom Field  •  December 10, 2018

As regulators increasingly focus on third-party risk, healthcare organizations are entering more strategic partnerships with their critical vendors. And the effort is paying off with improved vendor risk management, says Mitch Parker, CISO of Indiana University Health System.

►

Cybersecurity

Why Banking Needed a New Cybersecurity Profile

Tom Field  •  December 10, 2018

The Financial Services Sector Coordinating Council recently unveiled the Cybersecurity Profile - a framework that integrates widely used standards and supervisory expectations to help financial institutions develop cyber risk management programs. Josh Magri of the Bank Policy Institute outlines key elements.

3rd Party Risk Management

Another Electronic Health Records Vendor Hacked

Marianne Kolbasuk McGee  •  December 7, 2018

Yet another cyberattack against a cloud-based electronic health records vendor has been revealed. This one involved a ransomware attack that potentially exposed data on 16,000 patients of a California eye clinic. What can healthcare organizations do to minimize vendor risks?

Cybercrime

Australia Passes Encryption-Busting Law

Jeremy Kirk  •  December 7, 2018

Australia's Parliament has passed new laws enabling it to compel technology companies to break their own encryption. Although the government argued the laws are needed to combat criminal activity and terrorism, opponents argued the powers could creep beyond their scope and weaken the security of all software.

Cybercrime

GOP Hacking Incident: What Happened?

Nick Holland  •  December 7, 2018

An update on the hacking of email accounts of four senior aides within the National Republican Congressional Committee leads the latest edition of the ISMG Security Report. Also featured: An analysis of when the first major fines for violations of the EU's GDPR could be issued.

3rd Party Risk Management

Emails Expose Sensitive Internal Facebook Discussions

Jeremy Kirk  •  December 6, 2018

A batch of documents meant to be kept under court seal lays bare Facebook's strategic brokering of access to user data to reward partners and punish potential rivals. The material also demonstrates Facebook's views at the time on privacy and the risks of leaking data.

►

Compliance

Legal and Compliance: 3 Questions for CISOs

Tom Field  •  December 6, 2018

What are three burning questions regarding legal and compliance issues that enterprise security leaders should ponder as they head into 2019? Ed Amoroso, former CISO of AT&T and current CEO of TAG Cyber, outlines the questions and possible answers.

►

General Data Protection Regulation (GDPR)

GDPR and You: What's Changed?

Tom Field  •  December 6, 2018

Enforcement of the European Union's General Data Protection Regulation began May 25. What has happened since then? And how has the privacy dialogue evolved in the U.S.? Attorney Jay Kramer shares insights on how organizations are now approaching privacy.

3rd Party Risk Management

Applying Secure Multiparty Computation Technology

Geetha Nandikotkur  •  December 6, 2018

Israel-based Yehuda Lindell, a cryptography professor, describes how to use secure multiparty computation technology to protect cryptographic keys and describes other potential security applications.