Establishing an effective breach incident response program is a key component of an information risk management strategy. And NIST has issued draft guidelines to help organizations and leaders implement such a program.
Healthcare breach statistics reflect an unfortunate trend: "IT security has not really kept pace with the progress that's been made in the adoption of electronic health records," says Dan Berger, CEO of Redspin.
The hacking group Anonymous Brazil has targeted the websites of several of Brazil's top financial institutions, including Banco Bradesco and Banco do Brasil, with distributed denial-of-service attacks, leaving the sites in the dark, the Associated Press reports.
Organizations that have experienced a breach report that three lessons they learned were to limit the amount of personal information collected, limit sharing data with third parties and limit the amount of data stored, a new survey shows.
The University of Hawaii has agreed to settle a class action lawsuit involving data breaches affecting about 96,000. It agreed to provide those affected two years of free credit monitoring and credit restoration services.
Security and privacy officers for global organizations can expect increased work in protecting customer data if a proposed regulation introduced before the European Commission becomes law, cyber and privacy lawyer Francoise Gilbert says.
Members of a hacking movement known as Antisec claim to have disrupted OnGuardOnline.gov, a U.S. government website that provides consumers with online security tips, in retaliation for the controversial anti-piracy legislation before Congress.
One reason why encryption is not more broadly used in healthcare is that so many organizations lack an updated risk assessment that identifies the role the technology can play in preventing breaches, says attorney Amy Leopard.