About three dozen major health data breaches have been added to the federal tally in recent weeks, including a mix of hacking and unauthorized access/disclosure incidents. Here's an analysis of the latest statistics and the reasons behind the trends.
Are too many healthcare organizations and their business associates skimping on physical security measures for safeguarding patient records? Federal regulators seem to think so.
A coherent risk analysis program tailored to the organization is a vital component of any effort to improve cybersecurity and meet regulatory requirements, says attorney Shawn Tuma.
Federal regulators are proposing an overhaul to the "meaningful use" electronic health record incentive program. But current program requirements for conducting a security risk analysis would stick.
Technological advances that are sweeping the financial sector by storm have brought new ways for users to access their data on the go but it also presents new challenges for financial institutions to protect their customers' personal data. Every financial institution needs to implement a comprehensive approach to...
The New Jersey state attorney general has smacked a medical practice with a $418,000 penalty for a 2016 HIPAA breach involving a vendor's misconfigured server. The case is the latest example of the risks posed by vendors.
Should federal regulators provide physicians with a free pass from having to conduct a HIPAA risk analysis or face a random HIPAA compliance audit if they implement a cybersecurity framework? That's what the AMA is proposing. Security experts weigh in with reactions.
Organizations need to carefully assess - and then verify - the data security controls their existing - and prospective - vendors have implemented, says privacy and security expert Rebecca Herold, who offers a range of vendor management tips in an in-depth interview.
What are the top security lessons that covered entities and business associates should learn from the latest HIPAA settlements? Illiana Peters, a former top HIPAA enforcer, shares her insights.
A government watchdog agency alleges that insurer Health Net of California has refused to cooperate in a security audit called for under a federal contract. Similar disputes often arise when healthcare organizations attempt to scrutinize the security practices of their vendors, some security experts point out.
Vulnerability scanning, or the process of identifying a list of known security gaps in the network environment, is the focal point for most enterprise vulnerability management programs. The use of vulnerability scanners as security assessment tools is nearly ubiquitous in large organizations. However, as network...
As damaging breaches continue to occur, more organizations are considering endpoint detection and response (EDR) solutions to address the incidents that aren't being handled adequately by their existing defenses. However, EDR solutions come in a wide variety of implementations and can vary significantly in scope and...
The fact that Federal agencies are prime targets for the most sophisticated cyber threats is undeniable. If cyberattacks are inevitable, then robust capabilities for security investigation, threat hunting, and rapid response are essential. Government cybersecurity professionals require visibility across their silos of...
Federal regulators are warning healthcare entities and business associates to take action to prevent becoming the next victim of cyber extortion, such as a ransomware attack. What are the recommended steps? And what other insights do experts offer?
A must see webcast that defines when proactive hunting is needed, and how to get started operationalizing a program internally.
The increasing number of organizations being hit by crippling "mega breaches" points to a deficiency in most standard endpoint security solutions. Today's evolving threat landscape...
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing govinfosecurity.com, you agree to our use of cookies.
