HHS says it has launched "phase two" of its HIPAA compliance audit program, portraying this as another interim step toward a permanent program. But will Congress ever approve enough funding to ramp up audits?
The PCI Security Standards Council envisions a single, globally-unified data security standard. Now that the European Card Payment Association is a strategic regional member, that goal is significantly closer, says Jeremy King, the council's international director.
The Department of Justice has been granted a delay of a March 22 hearing relating to a court order compelling Apple to help the FBI unlock the iPhone 5C issued to San Bernardino shooter Syed Rizwan Farook. That's because it says it may have found a way to unlock the phone without Apple's assistance.
A watchdog agency's audit of the Department of Veterans Affairs makes nearly three dozen recommendations for how the VA should address "material weakness" in its information security program. The VA's CIO tells Congress all the issues raised will be addressed by the end of next year.
In its second HIPAA settlement revealed this week, federal regulators smacked a New York-based medical research institute with a multimillion dollar penalty after investigating a breach tied to the theft of an unencrypted laptop containing data on several thousand patients and participants in a research project.
In revised guidance, the National Institute of Standards and Technology cautions enterprises to assume that "external environments contain hostile threats" as they establish programs to allow employees and contractors to remotely access critical systems.
Federal regulators have imposed a $1.55 million penalty on a Minnesota healthcare system as part of a settlement following an investigation of a breach involving a business associate. The vendor has already been sanctioned by two other government entities for the same stolen laptop incident.
Attackers have targeted an unknown number of Russia's 700 banks with bogus security-alert emails. The combination of official-looking infrastructure and digitally signed malware recalls the Anthem attack, among other campaigns.
Although most breach-related class action lawsuits fail, a multimillion dollar settlement of a suit stemming from a data breach at St. Joseph Health System in California illustrates how egregious breaches can have serious financial consequences.
Apple has unloaded another blistering legal response to the Justice Department over the court order obtained by the FBI that requires the company to help unlock an iPhone used by one of the San Bernardino shooters.
In a lawsuit, two small merchants say they, and many other retailers, are unfairly being forced to pay fraud-related expenses as a result of the EMV liability shift even though they converted to EMV technology by the card brands' deadline. Fraud prevention experts analyze the implications of the case.
In an unusual twist, a missing unencrypted laptop containing data on nearly 206,000 patients has been returned by mail to Premier Healthcare, a physician group practice in Indiana. But some experts say the organization might have violated the HIPAA Security Rule.
The HHS Office for Civil Rights is moving too slowly in issuing HIPAA guidance related to mobile health apps, cloud storage and other emerging technologies, according to a bipartisan group of congressmen. Does OCR have too much on its plate?