Recent changes by the HHS to the certification program for electronic health record software could potentially weaken efforts to ensure EHRs meet federal requirements, including those that impact security, says attorney Maya Uppaluru, who formerly was on the HHS staff.
The deadly hurricane season has prompted federal regulators to issue several specific HIPAA waivers in recent weeks. But are such waivers really necessary? And what actions can healthcare providers take during a crisis even without a waiver?
In North America, many organizations mistakenly believe the European Union's General Data Protection Regulation won't impact them, says Robert Mills of the Information Security Forum. "If they are multinational and holding EU data, it does apply to them," he points out.
Equifax is facing increased scrutiny from Congress, including a bill that would mandate free credit freezes for consumers, on demand. But a true fix would require Congress to give U.S. government consumer watchdogs more power.
Through an ongoing series of Healthcare Security Readiness workshops, key gaps in how healthcare organizations defend against cybercrime hacking have emerged. Has your organization assessed and mitigated gaps in security... or is it even aware of what they are?
In the following ISMG interview transcript, David...
An ongoing series of Healthcare Security Readiness workshops reveals some key gaps in how healthcare organizations defend against cybercrime hacking. How should entities assess and mitigate these gaps? David Houlding of Intel shares insights.
The notion of patching the most critical vulnerabilities is outdated and ineffective thanks to today's black market for exploit kits, says Kevin Flynn of Skybox. Evaluating the exposure and context of holes in your organization is crucial to shoring up defenses, he says.
The landscape of user authentication is changing rapidly. A vanishing perimeter and the continuing explosion of cloud-based applications and mobile devices are blurring old boundaries - creating more islands of identity and forcing organizations to reimagine identity and access strategies. And, with four out of five...
Oracle's Joshua Brooks understands why those charged with information security compliance can, at times, be overwhelmed when they must deal with frameworks associated with PCI, HIPAA, FedRAMP, ISO 27001 and NIST 800-53, to name a few.
Often, security leaders will look for an industry standard or best practice to help them navigate through the minefield. A recent Rsam survey revealed that 87% of InfoSec leaders said they plan to incorporate NIST CSF into their risk and compliance strategy. NIST CSF can help CISOs understand their organization's...
Angler phishing targets customers of financial services firms more often than any other industry. When a customer tries to connect with you, the attacker responds through a lookalike social media account and tries to obtain your customer's account credentials. This can lead to real monetary losses, a damaged brand,...
Verizon has made a strong case for continual PCI DSS awareness with its new study of payment card data security. But like many vendors that conduct their own studies supporting their business cases, Verizon makes suspect logical stretches.
Today's business climate is one of unprecedented regulatory growth, data complexity and cybersecurity concerns. There is a corresponding increase in media attention, customer awareness and Board-level scrutiny.
Organizations must demonstrate that they have a viable process for managing risk and compliance (broadly...