The New Jersey state attorney general has smacked a medical practice with a $418,000 penalty for a 2016 HIPAA breach involving a vendor's misconfigured server. The case is the latest example of the risks posed by vendors.
Should federal regulators provide physicians with a free pass from having to conduct a HIPAA risk analysis or face a random HIPAA compliance audit if they implement a cybersecurity framework? That's what the AMA is proposing. Security experts weigh in with reactions.
Organizations need to carefully assess - and then verify - the data security controls their existing - and prospective - vendors have implemented, says privacy and security expert Rebecca Herold, who offers a range of vendor management tips in an in-depth interview.
Vendor risk management is becoming more critical as companies rely more on partners who have access to payment card data and other sensitive information, says Ramon Lipparoni, IT integration manager at ComAir, a South African airline. One critical step, he says, is conducting impromptu vendor audits.
What are the top security lessons that covered entities and business associates should learn from the latest HIPAA settlements? Illiana Peters, a former top HIPAA enforcer, shares her insights.
A government watchdog agency alleges that insurer Health Net of California has refused to cooperate in a security audit called for under a federal contract. Similar disputes often arise when healthcare organizations attempt to scrutinize the security practices of their vendors, some security experts point out.
Vulnerability scanning, or the process of identifying a list of known security gaps in the network environment, is the focal point for most enterprise vulnerability management programs. The use of vulnerability scanners as security assessment tools is nearly ubiquitous in large organizations. However, as network...
As damaging breaches continue to occur, more organizations are considering endpoint detection and response (EDR) solutions to address the incidents that aren't being handled adequately by their existing defenses. However, EDR solutions come in a wide variety of implementations and can vary significantly in scope and...
The fact that Federal agencies are prime targets for the most sophisticated cyber threats is undeniable. If cyberattacks are inevitable, then robust capabilities for security investigation, threat hunting, and rapid response are essential. Government cybersecurity professionals require visibility across their silos of...
A must see webcast that defines when proactive hunting is needed, and how to get started operationalizing a program internally.
The increasing number of organizations being hit by crippling "mega breaches" points to a deficiency in most standard endpoint security solutions. Today's evolving threat landscape...
Organizations in the Middle East and Central Asia are beginning to respond to the nuances of the evolving threat landscape in the region, says Tata Communication' Avinash Prasad in this exclusive interview.
A recent incident involving an Indiana hospital that publicly admitted to paying a $55,000 ransom to unlock data following a ransomware attack - despite having backup systems - highlights the need to test data recovery plans.
Security vendor products are held to a higher standard of security. They must help their customers solve complex security problems, as well as have the most stringent security measures in place throughout the software development lifecycle. To meet those standards, many security vendors are turning to more innovative...
In 2018, digital extortion will be at the core of most cyber criminals' business model and will propel them into other schemes that will get them hefty payouts. And as environments have become increasingly interconnected, these threats are redefining how we should look at security.
Download this report and learn...
Bug bounties are fundamentally changing the way financial service organizations approach the security of the Internet, moving from the realm of novelty towards becoming best practice.
This report presents how the financial services industry is actively looking to bug bounty programs to augment their existing...
