Nuance has issued an unusual public letter to customers explaining why the medical transcription services vendor has decided not to report the NotPetya malware attack on the company to federal regulators as HIPAA breach. How did Nuance make its determination?
A hacker attack on a women's healthcare clinic that impacted 300,000 patients ranks as the second largest ransomware-related health data breach reported to federal regulators. Why did it take months before the clinic detected the malware?
HHS has made changes to a website widely referred to as the "wall of shame" that lists major health data breaches. The changes came after some members of Congress complained that the website unfairly exposes breached organizations to endless public scrutiny.
Christopher Painter, who has advocated for diplomatic engagement with cyber friends and foes alike, is leaving his post as coordinator of cyber issues at the State Department, a job he has held since early 2011.
Two GOP senators are asking federal regulators to recoup potentially millions of dollars worth of allegedly inappropriate EHR incentive payments made under the HITECH Act. If the money is clawed back, what's the potential impact on data security spending?
The plaintiffs who are suing Donald Trump's presidential campaign for conspiring with Russia and WikiLeaks over disclosing their private information stolen from Democratic Party computers could declare a moral victory even if they lose their case. Could exposing the truth be their ultimate goal?
Enterprises should be working overtime to eradicate "EternalBlue" from their networks since two massive malware outbreaks - WannaCry and NotPetya - have targeted the Windows flaw. But vulnerability scans show there's still work to be done.
Kudos to the breached business - in this case, kiosk manufacturer Avanti Markets - that quickly alerts victims and gives them actionable information for protecting themselves. Unfortunately, not all breached businesses are so forthright, as some recent data leaks demonstrate.
Regulators will not penalize healthcare providers that attested to meeting HITECH Act "meaningful use" incentive payment requirements using electronic health records from eClinicalWorks, a vendor that recently settled a false claims case with federal prosecutors.
Healthcare organizations that rely too heavily on HIPAA compliance are coming up short when it comes to security, says Jennings Aske, an attorney who's CISO at New York-Presbyterian. A far better approach, he says, is to rely on the NIST cybersecurity framework or other comprehensive frameworks.
With the exception of one large theft incident involving an insider, hacker attacks - including some involving ransomware - continue to be the leading culprits in the biggest health data breaches reported so far this year. What's next?
Worried about the use of encryption by terrorists, Australia plans to lobby its key signal intelligence partners at a meeting in Canada for the creation of new legal powers that would allow access to scrambled communications. But Australia says it doesn't want backdoors. So what does it want?
Opportunistic attackers may have breached some Parliament email accounts by brute-force guessing their way into accounts with weak passwords. But such a breach is hardly the "cyberattack" some are making it out to be.