IT security practitioners who employ the RSA public-private key cryptography needn't lose sleep about its efficacy, despite new research that raises questions on how it creates large prime numbers to generate secret keys, IT security authority Gene Spafford says.
One reason why encryption is not more broadly used in healthcare is that so many organizations lack an updated risk assessment that identifies the role the technology can play in preventing breaches, says attorney Amy Leopard.
Improving regulatory compliance efforts is the No. 1 information security priority for healthcare organizations in the year ahead. That's a key finding of the inaugural Healthcare Information Security Today survey.
"It should provide fuel for anyone calling for data breach legislation to include criminal sanctions ...," says Neal O'Farrell of the Identity Theft Council. "This was nothing short of a clumsy cover-up."
"With a company-issued device, you can issue a policy that says users have no rights of privacy over information on the device," says Javelin's Tom Wills. But with employee-owned devices? A whole new set of issues.
About 4.9 million patients treated in San Antonio area military treatment facilities since 1992 have been affected by a health information breach involving the theft of backup tapes for electronic health records.