The No. 1 reason Congress, after five years of intensive efforts, has yet to enact comprehensive cybersecurity legislation is differences over how much liability protection to grant businesses to get them to share cyberthreat information.
An address by FBI Director James Comey at the RSA security conference seems to equate civil liberties and privacy. But when he offers an example of balancing Americans' rights with cybersecurity, he mainly refers to the civil liberties, not privacy.
A new guide from WEDI offers some basic tips for organizations assessing incidents under the HIPAA Omnibus breach notification rule. But it's important to address additional factors for effective beach assessment and response, two experts say.
Covered entities and business associates will be under heightened data privacy and security scrutiny in 2014. But experts say there are several basic steps those organizations can take to ensure HIPAA compliance.
Another federal investigation of a relatively small health data breach has resulted in a financial penalty, this time for a physician group practice in Massachusetts. Find out the details behind the settlement.
Cottage Health System in California says patient information was apparently exposed on Google for 14 months because of a lapse in a business associate's protections for one of its servers. Experts discuss the implications for the BA.
New payment card security standards issued by the PCI Council include a number of improvements, plus some glaring omissions, such as requirements for mobile, security experts say. What are their chief concerns?