Healthcare organizations should carefully document all necessary breach investigation and notification actions and responsibilities to avoid chaos when an incident occurs, says Dawn Morgenstern, privacy official at the Walgreens national drugstore chain.
Vulnerabilities in applications developed for the Commonwealth of Pennsylvania contributed to a major security breach a few years back, one that state CISO Erik Avakian does not want repeated.
Customers want to be involved with their banking security, but few institutions allow them to play active roles in fraud prevention. What has to change?
It's one thing to have a data breach response team. It's quite another to ensure that team is made up of savvy personnel, says Brian Dean, a former privacy executive for KeyBank.
Physician group practices, many of which are adopting their first electronic health record system, need to make staff training on privacy and security issues a top priority, says Susan Turney, M.D., the new CEO at the Medical Group Management Association.
Data breaches are all about reputational risk, says attorney Lisa Sotto. And as legal requirements grow, attorneys must play increasingly integral roles in helping clients respond to incidents.
The ongoing delay in the release of final versions of HIPAA modifications and the HIPAA breach notification rule makes it more difficult for healthcare organizations to set information security investment priorities, says hospital privacy officer Kari Myrold....
It's a new wave of cybercriminal behind the latest major data breaches, says breach expert Lucy Thomson. And these incidents are resulting in a new generation of breach notification laws globally.
Jacob Olcott says Congress' failure to enact comprehensive cybersecurity legislation over the past half decade doesn't mean lawmakers haven't influenced IT security policy.
ACH fraud victim Mark Patterson says small businesses like his welcome improved online security measures from banking institutions. But is the new FFIEC Authentication Guidance sufficient? Patterson says no.
A lack of ongoing HIPAA compliance training increases the risk of internal breaches, says Terrell Herzig, information security officer at UAB Medicine.
Winning senior executive support for information security spending requires "a solid business case of justifications," says Christopher Paidhrin, security compliance officer at PeaceHealth Southwest Medical Center.
Ramped-up HIPAA enforcement is a big reason behind the No. 1 information security priority for the coming year: improving regulatory compliance, says attorney Adam Greene.
Bank of America's Keith Gordon says securing the mobile channel is much like securing any other banking channel: Controlling risks requires layers of security and controls. But educating customers plays a key security function, too.
One reason why so many healthcare organizations are not well-prepared to counter security threats is that "key leadership has not bought into the whole process," says Bob Krenek of Experian® Data Breach Resolution.