Plenty of healthcare organizations have been stung by data breaches caused by their business associates. That's one reason why Beaufort Memorial Hospital has been taking a variety of measures to help prevent reportable incidents involving its BAs, says CIO Ed Ricks.
In this edition of the ISMG Security Report: an analysis of a major fine against a Texas hospital and its implications for how the Trump administration might enforce HIPAA rules. Also, an IRS-related phishing scheme targets businesses.
Federal HIPAA enforcers smacked a Texas pediatric hospital with a $3.2 million civil monetary penalty after investigating breaches involving unencrypted mobile devices and uncovering longstanding failures to comply with HIPAA. What lessons does the case offer?
Privacy and data security experts are sizing up how an executive order signed by President Trump that requires two regulations to be eliminated for every new regulation issued by an executive branch department or agency might affect the actions of the Department of Health and Human Services.
Offspring of the Zeus banking Trojan continue to spring to life. Functionally, however, security experts say most POS-infecting banking malware remains almost identical. So why aren't more organizations putting well-known defenses in place?
The subscription-based breach notification service LeakedSource appears to have gone dry. Security expert Troy Hunt says the privacy writing has been on the wall for the site, owing to it selling access to stolen personal data.
Privacy and security attorney Kirk Nahra offers a forecast for how the Trump administration might address various health data security issues, including HIPAA enforcement, and an assessment of the Obama administration's record on those issues.
Four years after a messy legal battle sparked by Edward Snowden using its service, the secure email provider Lavabit is back with a new platform designed to provide better privacy protection - users can select from "trustful," "cautious" or "paranoid" modes - by encrypting both email content and metadata.
As President Trump delivered his inaugural address, the White House transitioned its website from the Obama to the Trump administration. Immediately, Trump's team posted a series of position papers, including one that addressed - albeit briefly - cybersecurity.
In its second HIPAA enforcement action for 2017, HHS has slapped an insurer with a $2.2 million settlement in the wake of a relatively small breach, citing the company's lack of timely corrective action.
In this edition of the ISMG Report: An FTC complaint filed against a camera manufacturer could signal the start of a trend to regulate IoT security. Also, Donald Trump adviser Rudolph Giuliani's cybersecurity credentials are questioned, and a terrorist shooting prompts new privacy guidance.
Malware designed to get ATMs to spit out their cash - advanced when it first debuted - has been upgraded, according to a report from FireEye. Now, the Ploutus-D malware talks to legitimate ATM middleware, enabling it to target machines from 40 vendors. What does this mean for financial institutions?
Yet another study reveals that millions of people are picking weak passwords, with "123456" remaining our collective favorite. Rules requiring stronger passwords and not forcing passwords to expire both could help boost security.
Rudy Giuliani, the former New York mayor who's been tapped by U.S. president-elect Donald Trump to lead a cybersecurity corporate outreach program, runs a security consulting firm with a website that's been given a failing grade for its security.