With Alabama and South Dakota recently becoming the last two states to adopt breach notification laws, notification processes become more complicated, says privacy attorney Adam Greene, who offers an in-depth analysis.
FireEye has noticed an emerging trend: Breach investigations are increasingly prompting audits intended to ensure publicly traded companies are compliant with Sarbanes-Oxley. IT has changed dramatically since SOX became effective 16 years ago. Here's what to keep in mind.
The high-profile breaches of Fortune 100 companies are the ones that get the headlines, but small and midsized businesses should not breathe any sighs of relief. They are very much still targets, says Austin Murphy of CrowdStrike. He offers cybersecurity advice to SMBs.
The New Jersey state attorney general has smacked a medical practice with a $418,000 penalty for a 2016 HIPAA breach involving a vendor's misconfigured server. The case is the latest example of the risks posed by vendors.
Should federal regulators provide physicians with a free pass from having to conduct a HIPAA risk analysis or face a random HIPAA compliance audit if they implement a cybersecurity framework? That's what the AMA is proposing. Security experts weigh in with reactions.
Facebook CEO Mark Zuckerberg says the social networking company is already complying with parts of Europe's GDPR privacy legislation, but it won't comply with all of its requirements worldwide. Zuckerberg's comments are likely to rile critics following the uproar around voter-profiling firm Cambridge Analytica.
CISOs increasingly are summoned to present to their Boards of Directors. But too often these presentations fail to frame the right topics with the right metrics, says Jacob Olcott of BitSight. He offers advice for maximizing the opportunity in front of the Board.
Leading the latest edition of the ISMG Security Report: Ransomware hits the city of Atlanta, Baltimore's 911 system as well as aviation giant Boeing. Plus, WikiLeaks and its Julian Assange get taken for a ride by Russian intelligence.
Federal regulators are considering potential changes to HIPAA privacy rule and enforcement regulations, but aim to first engage the healthcare sector and public for input, says the nation's top HIPAA enforcer. So, what changes are being considered?
Despite the White House's request for deep budget cuts, Congress passed and President Trump signed into law last week flat funding for the current fiscal year for the two federal agencies responsible for health information privacy and security issues, including HIPAA enforcement.
Security experts analyze the potential impact of recently announced changes to the PCI Security Standards Council's Qualified Integrators and Resellers Program that are designed to help smaller merchants prevent breaches.
A class action lawsuit is seeking millions of dollars in damages for plaintiffs after yet another mailing-related health data breach involving sensitive HIV-related information allegedly visible through envelope windows.
Recent financial reports from three healthcare sector organizations that suffered cyberattacks demonstrate how costly data breaches can be for not-for-profit healthcare providers and for-profit companies alike.
Facebook CEO Mark Zuckerberg broke five days of silence as pressure intensifies on Facebook to account for a data leak to a voter-profiling firm that worked for the Trump campaign. In a lengthy blog post, Zuckerberg has pledged to make changes to better protect personal data. But is it too late?