Deven McGraw, co-chair of the Privacy and Security Tiger Team that's advising federal healthcare regulators, explains why she's frustrated by delays in rolling out new regulations to protect electronic health records and safeguard the exchange of patient information.
Healthcare organizations should carefully document all necessary breach investigation and notification actions and responsibilities to avoid chaos when an incident occurs, says Dawn Morgenstern, privacy official at the Walgreens national drugstore chain.
2011 has offered quite a number of tough lessons for security professionals. Here at (ISC)2, where security education is our focus, the close of another year raises the old teacher's question: "What have we learned, class?"
Calif.-based grocer Save Mart confirms dozens of reports by employees and customers about account compromises linked to the merchant's recent breach. Are these incidents linked to a larger, organized crime ring?
Contra Costa County, Calif., has sent out notification letters to residents whose names were referenced in a public document posted to the county's website regarding debts owed to the Health Services Department.
It's a corporate account takeover scheme - with a twist. The scam involves money mules and distributed denial of service attacks. "This is an entirely different scenario," says Mike Smith of Akamai Technologies.
Physician group practices, many of which are adopting their first electronic health record system, need to make staff training on privacy and security issues a top priority, says Susan Turney, M.D., the new CEO at the Medical Group Management Association.
A card compromise at a California-based grocery chain has raised questions about the efficacy of PCI-DSS. Experts say even if merchants are compliant, fraudsters can easily get around the security measures.