This could be a record year for HIPAA enforcement actions by federal regulators, both in the number of resolution agreements and in the size of financial settlements resulting from breach investigations, predicts privacy attorney Adam Greene.
The "industrialization" of cybercrime, remote-access attacks and mobile-banking application and online-browser overlay attacks are trends the financial industry should monitor this year, says George Tubin of IBM Security Trusteer.
The HHS Office for Civil Rights is making progress toward launching the long awaited next round of HIPAA compliance audits, which will consist mostly of desk audits. In a critical step, it plans to release its proposed new audit protocol in April, says Deven McGraw, OCR's deputy director of health information privacy.
Debit fraud losses in Canada hit an all-time low in 2015, mainly because of the nearly complete migration to EMV and real-time settlement of debit payments, says Mark Sullivan, who heads fraud management for Interac, Canada's payment network. He offers important lessons for the U.S.
Despite the pervasiveness of data breaches, healthcare organizations are still playing catch-up on implementing strong, risk-based security programs, rather than focusing solely on HIPAA compliance, says David Finn of Symantec. He offers a preview of his session at the HIMSS 2016 Conference about a new survey.
The Department of Homeland security sees malware provenance - which identifies the attributes of malicious codes - as a way to complement its signature-based Einstein intrusion detection and prevention systems to find malware that infects IT systems.
It used to be that security was the one big barrier to organizations embracing the cloud. But Troy Kitch of Oracle says that not only is that barrier coming down, but now leaders are seeing cloud as a security enabler.
The PCI Security Standards Council will soon release an update to its PCI Data Security Standard, requiring the use of multifactor authentication for administrators who have access to card data networks. In an interview, the council's Troy Leach explains the new requirements and compliance expectations.
In an in-depth interview, CIO Ed Ricks of Beaufort Memorial Hospital in South Carolina offers insights on how the community hospital, with limited resources, is tackling breach prevention and detection. He'll be a featured speaker at the HIMSS 2016 Conference.
Automobiles have crash ratings. Do they need ratings for cybersecurity, too? In this interview, security expert Jacob Olcott of BitSight Technologies previews a session he'll moderate at the RSA Conference 2016 that will address this question.
It's the perfect time to debate whether the government should compel Apple to help the FBI circumvent protections blocking access to the San Bernardino shooter's iPhone. Hear Apple CEO Tim Cook, FBI Director James Comey, Sen. Marco Rubio and cryptologist Bruce Schneier in this audio report.
In 2015 alone, 84 million new pieces of malware were created. How can organizations hope to keep pace with the new strains and tactics? Through advanced endpoint protection, says John Peterson of Comodo.
Jeff Shaffer, a former Secret Service agent, has investigated cybercrime for more than 25 years. Now a manager at PricewaterhouseCoopers, he discusses how organizations can protect their assets better by understanding their attackers' MO.