New long-awaited federal guidance clarifies that cloud services providers that handle protected health information are nearly always considered business associates under HIPAA and, as a result, must meet the regulation's security requirements.
The U.S. intelligence community has blamed the Russian government for attempting to interfere in U.S. elections by hacking and leaking documents. It also said Russia could be behind recent attempts to probe states' election systems.
Hacker attacks continue to account for the vast majority of health data breach victims this year, according to the latest federal tally. Some security experts expect that trend will persist as long as many organizations focus narrowly on HIPAA compliance rather than larger cybersecurity issues.
An NSA contractor who worked for Booz Allen Hamilton has been accused of stealing top-secret documents that the U.S. says could endanger national security. The documents are critical to a "wide variety of national security issues," the Department of Justice says.
Information security weaknesses that a watchdog agency found at the FDA are similar to those found at many healthcare organizations, some security experts say. But the FDA should be held to an even higher standard than the organizations that implement FDA-regulated drugs and devices, they argue.
Britain's privacy watchdog agency has slammed the telecommunications company TalkTalk with a record fine of £400,000 ($511,000) for multiple information security failings that allowed a hacker to bypass access controls and exfiltrate customer data "with ease."
Britain has launched a new National Cyber Security Center to help U.K. organizations better respond to cybersecurity incidents. But Brexit is imperiling intelligence-sharing arrangements that help the U.K. battle attacks and track cybercriminals.
Yahoo built a custom software program that scanned incoming emails for a specific piece of content to comply with a classified U.S. government directive, Reuters reports. If true, did the U.S. government overstep its legal boundaries?
Enterprises should employ new modeling, simulation and intelligence tools to provide insight into potential exploitable attack vectors before an incident occurs, Michelle Cobb, vice president at Skybox Security, says in a video interview.
In a video interview, Troy Leach, CTO of the PCI Security Standards Council, explains enhanced standards designed to help ensure that POS vendors can stay ahead of new attacks aimed at defeating encryption.
The FTC has denied LabMD's request for a "stay," or delay, in implementing the regulator's final order stemming from a longstanding dispute over the cancer testing lab's information security practices. LabMD has asked an appellate court to review the case.
A new kind of malware for Mac OS X has been linked to Fancy Bear, the Russian group suspected of hacking the DNC and the World Anti-Doping Agency. But the malware only poses a low risk to users, experts say.