The Data Security Act of 2015, approved by the House Financial Services Committee, would create a national data breach notification requirement and spell out data security standards businesses must follow, usurping 47 state laws.
In the year ahead, federal regulators need to ramp up their efforts to enforce HIPAA compliance among business associates because so many lack mature security controls, argues security expert Mac McMillan of the consultancy CynergisTek.
A U.S. House committee recently passed legislation that's aimed at helping law enforcement bring to justice cybercriminals from other nations who buy and sell payment card data stolen from U.S. citizens. But would it really help the global fight against cybercrime?
Turns out electronic learning products can be bad for children's privacy - and for their parents too. The VTech breach highlights how, despite repeated warnings, too many manufacturers continue to not take security seriously.
In yet another HIPAA enforcement action by a state attorney general, the New York AG has fined the University of Rochester Medical Center after a nurse practitioner gave patients' information to her future employer without getting the patients' permission.
Determining the "fairness" of Target's proposed $39 million settlement with financial institutions affected by the retailer's 2013 breach is impossible until we find out the answers to many questions, including how many banks and credit unions qualify.
Target Corp. has reached a proposed $39.4 million settlement with a group of financial institutions that sued the retailer over fraud losses and expenses suffered as a result of Target's December 2013 data breach.
In the second largest financial penalty ever issued as part of a HIPAA resolution agreement, federal regulators have smacked Puerto Rico-based health insurer Triple-S Management with a $3.5 million fine as a result of multiple breaches. It's the company's second large fine from a government agency.
Ireland's Cyber Crime Conference in Dublin drew a capacity crowd for a full day of security briefings, networking, hotly contested capture-the-flag and secure-coding challenges, as well as a chance to sharpen one's lock-picking skills.
TalkTalk's confusion in the wake of its recent data breach, as well as mangling of technical details and failure to encrypt customer data, demonstrate the importance of having an incident-response plan ready in advance of any breach, experts say.
Federal regulators have announced an $850,000 HIPAA settlement with Lahey Hospital and Medical Center stemming from an investigation into the theft of a laptop that was used to operate a medical device.
Attorneys general in nine states say card issuers should move to chip-and-PIN, rather than chip-and-signature, as they roll out EMV. But are other issues, such as wider use of encryption and tokenization, more worthy of attention?
In the age of payment card breaches, PCI compliance is a top priority for merchants and organizations that process electronic payments. But what difference does it make when its PCI compliance in the cloud? Steve Neville of Trend Micro shares insight.
Too many security awareness and education programs fail because they're boring, says Lance Spitzner, research and community director for the SANS Institute's "Securing the Human" program. Read his suggested fixes.