Mac McMillan, CEO of the information security consulting firm CynergisTek, explains in an interview why he sold the company he co-founded 13 years ago to healthcare document management firm Auxilio Inc., and what's planned next.
A researcher claims WhatsApp has dismissed his finding that there's a backdoor in the application that could allow attackers to unlock encrypted messages. But the controversy is more nuanced - and for most of us, much less threatening - than it might first appear.
HHS has issued new health data privacy guidance and announced a contest to create an online "model privacy notice generator." Plus, it's issued a reminder about the importance of reviewing and securing audit logs to help prevent and detect breaches.
A list of "super user" passwords - and a default username - now circulating online appears to allow unauthorized access to some webcam video streams, security researchers warn. If confirmed, it would be yet another massive internet of things security failure by a device manufacturer.
The Health Insurance Portability and Accountability Act (HIPAA) just celebrated its 20th anniversary in 2016 as one of the most significant pieces of healthcare-related legislation in U.S. history. Once viewed as a "paper tiger," it has taken many years for the full impact of HIPAA's data security provisions to be...
A U.K. Information Commissioner's report on its investigation into a 2015 TalkTalk breach offers essential information security takeaways for any organization that wants to avoid being breached, says David Stubley of 7 Elements.
The transition to a new presidential administration makes forecasting for HIPAA enforcement activity in 2017 difficult, says privacy attorney David Holtzman of the consultancy Cynergistek, who sizes up what the HHS Office for Civil Rights might do this year.
A federal court recently ruled that the structure of the Consumer Financial Protection Bureau, which is led by a single director, is unconstitutional. Cybersecurity attorney Chris Pierson assesses whether the potential restructuring of the CFPB could have any impact on the bureau's oversight of banks.
In an effort to help advance secure nationwide health data exchange, federal regulators have released an updated online tool to help healthcare entities and technology developers sort through critical standards and implementation specifications. Learn why some thought leaders are giving the guide a thumbs up.
How Are Leading Institutions Finding the Balance Between Effective Cybersecurity and a Seamless Customer Experience?
It's every banking institution's quandary: How do you introduce the right cybersecurity controls to protect customer accounts and transactions - but without introducing new hurdles that might...
The National Governors Association, in a new road map for improving nationwide secure health data exchange, proposes that states attempt to better align their privacy laws to the federal HIPAA Privacy Rule to help remove legal barriers.
Synchronoss' Tracy Hulver on New Identity Strategies for Connected Healthcare Threats
Attackers have healthcare entities in their crosshairs, and their favorite targets are easily compromised credentials. Tracy Hulver of Synchronoss Technologies offers new ideas for how security leaders can reduce risk and protect...
The impact of the patient data privacy and security provisions of the 21st Century Cures Act, signed into law Dec. 13, will depend, in part, on who is chosen to study key issues and come up with recommendations, says attorney Steven Teppler.
Over the years, HHS has released several guidance documents, but all are weak and without mandates as it relates to identity management and authentication of entities accessing protected health information. Guidance typically includes words like "may" and "should," but rarely include words like "shall" or "must."