Federal regulators have smacked a mobile heart-monitoring technology firm with a $2.5 million HIPAA settlement related to findings from an investigation into a 2012 breach involving a stolen unencrypted laptop. What factors led to the substantial penalty?
Federal regulators, in their latest HIPAA settlement, are again reminding healthcare entities about the importance of having business associate agreements with vendors that handle patients' protected health information.
President Donald Trump last week failed to meet a self-imposed, 90-day deadline to issue a report on "hacking defenses." But let's not nit-pick. After all, cybersecurity is complex - something the president is likely discovering along with healthcare and tax reform.
A class action lawsuit against telehealth software vendor MDLive shines a spotlight on regulatory gaps and other murky privacy and security issues related to the growing use of consumer health applications.
The latest chapter in the nonstop WikiLeaks saga: As U.S. government officials continue to ramp up their anti-WikiLeaks rhetoric, President Donald Trump has reportedly directed federal prosecutors to examine ways in which members of WikiLeaks could be prosecuted.
Right now in Britain three things remain certain: Death, taxes and having to comply with the EU's General Data Protection Regulation. But legislators have promised U.K. organizations will have a say in how some GDPR provisions get enacted.
Ransomware is the largest underground cybercriminal business. And like any business, entrepreneurs continue to find new ways to innovate. A Russian hacker has cobbled together a low-end ransomware kit costing just $175, aimed at anyone who seeks a file-encrypting payday.
Gov. Susana Martinez has signed legislation making New Mexico the 48th state to enact a data breach notification law. Alabama and South Dakota remain the only states without a data breach notification statute.
New York has become the first US state to issue its own set of cybersecurity rules for financial institutions. What is the potential impact on other states, other industry sectors? Paul Bowen of Arbor Networks shares insight.
Businesses that fail to block former employees' server access or spot any other unauthorized access are asking for trouble. While the vast majority of ex-employees will behave scrupulously, why leave such matters to chance?
John Kelly, in his first speech as the U.S. homeland security secretary, says the American government can't combat the cyberthreat without the active collaboration of the private sector. "The government, God knows, can't do it by itself," Kelly says.
The FDA has warned Abbott that it must submit a plan within 15 days to address previously identified cybersecurity vulnerabilities and other potential safety issues in certain cardiac devices of St. Jude Medical, which Abbott Labs acquired in January.
Good news for Microsoft Windows users: The Equation Group exploit tools dumped this month by Shadow Brokers don't work against currently supported versions of Windows, largely thanks to patches Microsoft released in March. But who tipped off Microsoft?
Too many businesses assume that the internet will be around forever, but that's faulty thinking and an impractical business practice, says Information Security Forum's Steve Durbin, a featured speaker at Information Security Media Group's Fraud and Breach Prevention Summit in Atlanta this month.
NIST's proposed update to its cybersecurity framework needs to better address specific concerns of the healthcare sector, say some industry groups commenting on the recently released draft. So, what are they asking NIST to do?
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing govinfosecurity.com, you agree to our use of cookies.