A government watchdog warned four federal agencies that they must be more diligent in implementing their cybersecurity programs. Otherwise, some of the government's most sensitive information is at risk of being disclosed to unauthorized individuals.
Organizations chosen for remote "desk audits" of their HIPAA compliance, which will begin this summer, need to be prepared to quickly provide supporting documentation, Deven McGraw, deputy director of health information privacy at the HHS Office for Civil Rights, explains this in-depth audio interview.
A recent spate of spam emails has been tricking users into installing JavaScript-based downloaders, which then download and install Locky and TeslaCrypt ransomware, Microsoft warns. Security experts detail top defenses.
HHS says it has launched "phase two" of its HIPAA compliance audit program, portraying this as another interim step toward a permanent program. But will Congress ever approve enough funding to ramp up audits?
The Justice Department's appeal of a court order that the government can't compel Apple to unlock an iPhone used by an accused drug dealer is significant because it sets in motion a process that could lead to a Supreme Court ruling on whether mobile device makers must give law enforcement an encryption backdoor.
A thriving market now exists to help cybercriminals recruit new talent, says Rick Holland of the threat intelligence firm Digital Shadows, which has been studying how cybercriminals advertise for new recruits - and the types of technology skills that are most in demand.
The U.S. government's intrusion detection and prevention program known as Einstein has limited ability to detect breaches of federal information systems, according to a new Government Accountability Office report.
Banking institutions and associations are demanding that the Federal Financial Institutions Examination Council make significant changes to its Cybersecurity Assessment Tool. What action, if any, will regulators take in response?
Security experts say the conclusions of an inspector general's report on how the Nuclear Regulatory Commission contracts the administration of security operation centers also applies to other government agencies and private businesses.
Slamming a Ukrainian energy provider for recently falling victim to a spear-phishing email and Excel macro attack might be easy. But security experts recommend all organizations use the incident to ensure they won't fall victim to copycat attacks.
An inspector general report on a Federal Reserve audit raises more questions than it answers regarding the security risks facing one of the Fed's information systems. The executive summary of the audit fails the transparency test to inform the public.
The HHS Office for Civil Rights will dramatically ramp up its HIPAA enforcement activities in 2016, fueled by a financial infusion from recent fines in HIPAA cases, predicts privacy attorney David Holtzman of CyngergisTek, a former OCR senior adviser.
New guidance for cyber-resilience, vendor management and breach notification are expected for New York state banks in early 2016. And the tone set by these guidelines may have a ripple effect, influencing the actions of federal banking regulators.
A federal audit of three California Medi-Cal (Medicaid) managed care organizations found dozens of "high risk" security control vulnerabilities. But security experts say the problems identified, unfortunately, are common throughout the healthcare sector.
A U.S. House committee recently passed legislation that's aimed at helping law enforcement bring to justice cybercriminals from other nations who buy and sell payment card data stolen from U.S. citizens. But would it really help the global fight against cybercrime?
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing govinfosecurity.com, you agree to our use of cookies.