Under what circumstances must a U.S. healthcare provider comply with the European Union's General Data Protection Regulation, which will be enforced beginning in May? In an in-depth interview, regulatory attorney Stephen Wu explains the conditions under which compliance is required.
Federal regulators have clarified that the use of texting to place orders, such as for medications or tests, on any platform - secure or not - is not allowed when treating Medicare and Medicaid patients. Security experts weigh in on key issues to consider when using texting for other purposes.
Personal details for 30,000 Medicaid recipients in Florida may have been exposed after a government employee fell victim to a phishing attack, state officials warn. The information could potentially be used to file false Medicaid claims.
Security teams are scrambling to put in place fixes for the Meltdown and Spectre flaws. But Windows users report that Microsoft's security fix for the flaws has been freezing some PCs built with CPUs from chipmaker AMD. Here are workarounds.
Federal regulators have released a draft of a trusted health information exchange framework with some detailed security components that go beyond HIPAA requirements. The goal is to advance secure national health data exchange so that clinicians have quicker access to potentially life-saving information.
The U.S. Department of Homeland Security says nearly 250,000 federal employees' personal details were exposed in a 2014 breach of its Office of Inspector General's case management system. Witness testimony and an unknown number of nonemployees' personal details also were exposed.
Microprocessor makers Intel, ARM and AMD, as well as operating system and software developers and makers of smartphones and other devices, are rushing to prep, test and ship fixes for the serious CPU flaws exploitable via Meltdown and Spectre attacks.
"Replace CPU hardware" might be the only full solution listed by CERT/CC for serious flaws in microprocessors that run millions of PCs, cloud services, servers, smartphones and other devices. Thankfully, many security experts believe patches and workarounds will mostly suffice.
CISOs need to precisely tailor their risk management strategies to protect the specific high-value assets of their organization; a broad-brushed approach will never work, says UK-based Kelly Bissell, managing director and global lead, Accenture Security.
Despite receiving requests to better align a federal rule regarding the confidentiality of substance abuse records with the requirements of HIPAA, federal regulators only made minor tweaks to the confidentiality rule. Some experts say Congress would have to take action to pave the way for further changes.
Ransomware has ascended, by some estimates, to a $1 billion industry. Although the FBI advises against paying ransoms, some organizations see it as the quickest way to recovery. Michael Viscuso of Carbon Black says that the larger problem is a failure to defend networks.
Information security truisms: 2017 was the year of more cybersecurity - more attacks, more spending, more defenses, more breaches - and 2018 will see more of everything "cyber," plus GDPR enforcement, proxy wars online and more.
From worsening ransomware attacks to deepened concerns about external digital risk, former AT&T CISO Ed Amoroso says 2018 will be a challenging year, and security teams need to be building out their resiliency plans to prepare for what's ahead.
This episode of the ISMG Security Report is devoted to producer/host Eric Chabrow's recollection of the evolution of cybersecurity news and analysis during his nine years at Information Security Media Group. Chabrow is retiring after 45 years in journalism.