It's been four years since federal officials began tracking major healthcare data breaches. What important lessons can be learned from the causes of these breaches as well as HIPAA enforcement actions by federal regulators?
Too many organizations are spending far too much money on gathering big data that they cannot put to good use, such as for fraud prevention, says IDC analyst Jerry Silva, who stresses that investments must have strategic value.
In this week's breach roundup, read about the latest incidents, including a Florida hospital notifying 9,900 patients that a former employee inappropriately accessed their records with the apparent intent to commit fraud.
Successfully implementing the SANS 20 Critical Security Controls requires far more than just deploying systems, platforms or services. Experts offer insights on effective strategies for leveraging technical controls.
Hackers allegedly trafficking in personally identifiable data have reportedly breached the computers of three major data aggregators, raising doubts about knowledge-based authentication as a tool to verify identity.
Although the U.S. and Chinese governments blame one another for cybermischief, they should collaborate to battle common cyberthreats, says Christopher Painter, the State Department's top cyberdiplomat.
Faced with the growing threat of breaches, cyber-attacks and fraud, more organizations are building robust incident response strategies that identify how an investigation would proceed. Experts offer insights on effective investigation management.
Federal regulators plan to launch a permanent HIPAA compliance audit program in 2014 that targets a larger number of organizations but covers a narrower scope of issues. Learn the details the nation's top HIPAA enforcer revealed.
More than 1,000 banks will test their incident response strategies by participating in a simulated cyber-attack exercise. SWACHA's Dennis Simmons says the drill, which is open to more participants, will help bolster defenses.
Version 3.0 of the Payment Card Industry Data Security Standard, to be released later this year, will include a focus on the standardization of compliance assessments, says Bob Russo of the PCI Security Standards Council.
Comptroller of the Currency Thomas Curry's comments in a Sept. 18 speech could be an early indication that regulators will put more pressure on banks and service providers to fill cybersecurity gaps, some observers say.
The FDA has issued a final rule for a medical device identification system that aims to make it easier and more efficient to track adverse events, including problems caused by cybersecurity issues, such as malware.