"We never negotiate" might be the expectation whenever law enforcement or government agencies get targeted by criminals or even "cyberterrorists." But outside Hollywood, the reality too often turns out to be far less rigid.
For only the second time, federal regulators have slapped a healthcare entity with a civil monetary penalty in a case involving egregious HIPAA violations. Find out why Lincare Inc. was fined after a privacy incident affecting just 278 patients.
Sometimes language barriers can be a good thing: Many malware-wielding cybercriminals have historically targeted users in North America and Europe over Japan, owing to linguistic challenges. But that's changing.
Here's why the acquisition of rival threat-intelligence firm iSight Partners by breach investigation heavyweight FireEye makes sense, and why market watchers predict that other stand-alone intelligence firms will soon get snapped up.
The FFIEC's Cybersecurity Assessment Tool needs to be redesigned, as the tool's current design sets institutions up for cyber-risk assessment failure. Industry leaders say they're hopeful that change is on the way because the FFIEC is reviewing a second wave of comments about the tool's efficacy.
If federal regulators pull the plug on the HITECH Act's "meaningful use" incentive program for electronic health records, they must devise bold new ways to help ensure that data stored in EHR systems is secure.
The discovery of a serious remote code execution flaw in Trend Micro's consumer security software - now patched - is a reminder that even security software has code-level flaws. But shouldn't security vendors be held to a higher standard than others?
Four years after European criminals exploited EMV implementation vulnerabilities to steal an estimated $650,000, security experts say not all banks have adopted full fixes. But the payment card industry contends related mitigations are in place and working.
To guard against health data breaches, healthcare organizations must demand more proof that their business associates are safeguarding patient data and mitigating related risks, says privacy and security expert Daniel Schroeder.
In its sixth HIPAA resolution agreement so far in 2015, the HHS Office for Civil Rights has announced a settlement with the University of Washington Medicine that includes a $750,000 penalty. It's the first HIPAA enforcement case stemming from the investigation of a phishing-related breach.
Passage of cyberthreat information-sharing legislation could hinge on how the measure is presented to Congress, and its fate could be tied to a massive omnibus appropriations bill to fund the federal government for the remainder of fiscal 2016.
In the year ahead, federal regulators need to ramp up their efforts to enforce HIPAA compliance among business associates because so many lack mature security controls, argues security expert Mac McMillan of the consultancy CynergisTek.
In yet another HIPAA enforcement action by a state attorney general, the New York AG has fined the University of Rochester Medical Center after a nurse practitioner gave patients' information to her future employer without getting the patients' permission.