President Obama urged Congress in his State of the Union address to pass legislation to better meet the evolving cyberthreat, but spent very little of the speech explaining its dangers or detailing his cybersecurity legislative agenda.
New York State Attorney General Eric Schneiderman proposes updating state law to require businesses, including out-of-state firms with New York customers, to implement new safeguards to protect personal consumer data they store.
The inappropriate use and disclosure of patient information for marketing purposes by an insurer in Tennessee offers a reminder of the importance of complying with HIPAA's marketing-related provisions.
North Korean leader Kim Jong-un was set to star in a satirical video game, in which he battled the forces of imperialist oppression with the help of unicorns and narwals - until hackers apparently disrupted game development.
President Obama's call for enactment of a national data breach notification law has been widely welcomed by business groups and privacy advocates, but their endorsements come with a big proviso: What's in it? The White House hasn't furnished details.
A new law in New Jersey, enacted in reaction to data breaches, requires health insurers that provide coverage in the state to encrypt personal information, going beyond the addressable requirements of HIPAA.
The Paris terrorist attacks could make it more likely Congress will renew the USA Patriot Act and less likely that lawmakers will curtail a program to collect metadata on telephone conversations of Americans.
Bankers are criticizing one federal regulatory agency for how it has responded to a breach of unencrypted consumer data that occurred during a routine banking exam. They're saying regulators should focus more on their internal security practices.
Preliminary results of the fourth annual Healthcare Information Security Today survey indicate that information security leaders have big concerns about their business associates. There's still time left to participate in the study.
A recent interview about why retailers say EMV without the PIN is a fruitless fraud-fighting effort has spurred debate among retailers and bankers. In the end, though, bankers' resistance to PIN is all about time and money.
As the 114th Congress convenes this week at a time of growing public awareness of security breaches, it's expected to consider cyberthreat information sharing measures. But can the White House and Congress resolve past differences over the legislation?
As healthcare organizations step up their efforts this year to exchange more patient data with others to improve care, it's urgent that they address the "significant risks" involved, says Erik Devine, chief security officer at an Illinois hospital.
After the complete collapse of network security at Sony Pictures - in the wake of its data breach - it's important that we highlight some of the organization's fundamental security mistakes. Here's a macro view of the lessons we must all learn.
In the wake of a data breach that followed a routine regulatory, a former regulator is asking why the agency failed to disclose the breach sooner, and why it has not accepted more responsibility for its error.