Another federal investigation of a relatively small health data breach has resulted in a financial penalty, this time for a physician group practice in Massachusetts. Find out the details behind the settlement.
One key way to reduce the risk of a breach is continuous improvement of information security programs. It's dangerous to put security controls in place and then walk away, thinking you're finished, warns security expert Kate Borten.
Version 3.0 of the PCI Data Security Standard goes into effect Jan. 1, 2014. What steps should organizations be taking to prepare for implementation of the standard? Troy Leach and Bob Russo of the PCI Security Standards Council explain.
President Obama defends the National Security Agency's bulk-collection initiative, but suggests he may adopt some of the recommendations presented by a panel that proposes changes in the NSA's surveillance program.
Cottage Health System in California says patient information was apparently exposed on Google for 14 months because of a lapse in a business associate's protections for one of its servers. Experts discuss the implications for the BA.
Jeh Johnson, the new secretary of Homeland Security, is expected to become one of the top advocates of the administration's cybersecurity policy as the White House shifts more IT security responsibilities to DHS.
Chase says hackers compromised servers for the bank's UCard Center website for prepaid card accountholders, potentially exposing card numbers. The bank is not reissuing cards, but it's offering free credit monitoring.
NIST will soon start writing the "final" version of its cybersecurity framework, a guide to information security best practices for operators of the nation's critical infrastructure. But should it be beta tested?