2011 has offered quite a number of tough lessons for security professionals. Here at (ISC)2, where security education is our focus, the close of another year raises the old teacher's question: "What have we learned, class?"
In addition to the negative publicity associated with being included on the federal tally of major health information breaches, some organizations are experiencing yet another impact of breaches: class action lawsuits.
The ongoing delay in the release of final versions of HIPAA modifications and the HIPAA breach notification rule makes it more difficult for healthcare organizations to set information security investment priorities, says hospital privacy officer Kari Myrold.
Ongoing HIPAA compliance training is key to breach prevention, says Terrell Herzig of UAB Medicine. Yet many healthcare organizations are lacking in their efforts, according to results from the Healthcare Information Security Today survey.
Results from HealthcareInfoSecurity's inaugural survey show regulatory compliance being the No. 1 information security priority for the coming year. What steps should organizations start taking before regulatory audits begin?
Winning senior executive support for information security spending requires "a solid business case of justifications," says Christopher Paidhrin, security compliance officer at PeaceHealth Southwest Medical Center.
Improving regulatory compliance efforts is the No. 1 information security priority for healthcare organizations in the year ahead. That's a key finding of the inaugural Healthcare Information Security Today survey.
Just four months after agreeing to pay an $865,000 penalty for a series of HIPAA violations, UCLA Health System has revealed a breach incident involving the theft of an external hard drive from a former employee's home.
TRICARE, the military health program, has directed its business associate, Science Applications International Corp., to offer one year's worth of free credit monitoring and restoration services to the 4.9 million affected by a recent breach.
Medtronic's announcement that it's launching an "in-depth risk/benefit analysis" following an "ethical hack" of one of its insulin pumps is good news. We hope that Medtronic and all other medical device manufacturers launch long-overdue, aggressive efforts to improve medical device safeguards.