Organizations must guard against making three common mistakes when conducting an investigation of a data breach or fraud incident, says attorney Kim Peretti, a former Department of Justice cybercrime prosecutor.
In this week's breach roundup, read about the latest incidents, including two thefts of portable electronic devices exposing health information and a reminder to apply security controls to employee-owned devices.
In this week's breach roundup, read about the latest incidents, including the Medical University of South Carolina notifying 7,000 individuals that their credit card information was compromised as a result of a card processor breach.
If Congress were to enact a national data breach notification law, what key provisions should be included in the legislation? Public policy advocate David Valdez stresses uniformity.
The Department of Health and Human Services is seeking speedy approval of its controversial proposal to require state health insurance exchanges to report data breaches within one hour of discovery.
HHS proposes that state insurance exchanges report data breaches within one hour after discovering them. CIO Curt Kwak of the Washington state exchange explains why compliance with such a rule would be challenging.
Federal regulators are proposing that the state health insurance exchanges created under healthcare reform must report data breaches within an hour. Is that a reasonable requirement?
The FDIC, in a notice to consumers, highlights questions that customers should be asking banks about DDoS attacks. But is the notice an indicator that more regulatory oversight is ahead?
The Department of Health and Human Services conducts three types of audits or investigations involving privacy and security issues. But preparing for any of these inquiries requires similar steps, experts say.
In notifying customers of a breach, the online archiving service Evernote might have confused some customers by sending them an e-mail that contained a clickable link to be used to reset passwords - despite warning against using such links.
Consumer advocate Deven McGraw describes how a new federal rule spells out four factors that must be weighed in a risk assessment to determine if a health data breach must be reported.
Most organizations are aware of the cost of a security breach. But can they quantify the loss of trust in the wake of a security incident? Jeff Hudson of Venafi discusses the value of trust.
Even the brightest technologists aren't immune from cyber-attacks. Just ask Facebook. The social-media company says it fell victim to a sophisticated attack in which an exploit allowed malware to be installed on employees' laptops.
Security threats to healthcare organizations are on the rise - and so are regulatory requirements. Kim Singletary of McAfee discusses the top breach prevention and response challenges for healthcare organizations in 2013.
The new, much more objective guidance for reporting breaches that's included in the HIPAA omnibus rule will result in an increase in notifications, predicts privacy law expert Marcy Wilder.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing govinfosecurity.com, you agree to our use of cookies.