The nation's HIPAA enforcement agency has dramatically ramped up its issuance of breach-related financial penalties. In the ninth enforcement action of 2016, it slapped University of Mississippi Medical Center with a $2.75 million fine after a breach investigation revealed big security woes.
There's no doubt the cyber threat landscape is vast and complex. These days, it's not a question of whether a company will experience a data breach - it's when and how extensive.
Understanding the true cost of a breach is critical to an effective response. The 2015 NetDiligence® Cyber Claims Study breaks down the...
A spate of high-profile, high-impact cyber breaches at several of the largest financial institutions in the United States has brought attention to a point that cybersecurity professionals have long taken as an article of faith: boards of directors need to take an active role in the management of cyber risk.
As stated in a recent issue of the FDIC's Supervisory Insights, the risks presented by cyber attacks have become "one of the most critical challenges [in the last decade] facing the financial services sector due to the frequency and increasing sophistication of cyber attacks." In just a year's time, 2014 to 2015,...
Regardless of how many security controls are placed on a network and the components that are involved in making a network operate, there will always be vulnerabilities in a connected world. So, what do you do in an environment that allows for such risk of compromise?
One of the best methods of protecting...
The federal agency that enforces HIPAA has been very busy lately, taking numerous steps to reiterate the importance of safeguarding patient data and stressing the need to prepare a breach response plan. But the agency still needs to improve transparency on breaches involving business associates.
A government watchdog warned four federal agencies that they must be more diligent in implementing their cybersecurity programs. Otherwise, some of the government's most sensitive information is at risk of being disclosed to unauthorized individuals.
After blaming a recent spate of bank robberies on banks' poor information security practices, SWIFT has changed its tune. Now it says it wants to help financial firms spot related fraud and better share information about unfolding threats.
Organizations chosen for remote "desk audits" of their HIPAA compliance, which will begin this summer, need to be prepared to quickly provide supporting documentation, Deven McGraw, deputy director of health information privacy at the HHS Office for Civil Rights, explains this in-depth audio interview.
Anonymous is threatening global banks with 30 days of distributed denial-of-service attack disruptions and temporarily disrupted the Bank of Greece website as a preview. Security experts say all banks should take the DDoS threat seriously.
The Joint Commission, which accredits healthcare organizations, has reversed its long ban on physicians and other clinicians using text messaging to place orders related to patient care, citing technology advances that enable more secure communication. But users must comply with a list of requirements.
A jury's decision to award $940 million in damages to electronic health records software vendor Epic Systems, which had sued India's Tata Consultancy Services alleging theft of trade secrets, serves up lessons about the importance of restricting access to all sensitive data, including intellectual property.
Now that the Department of Health and Human Services has announced that it will soon begin the next round of HIPAA compliance audits, organizations need to take specific steps to prepare in case they're chosen for scrutiny, says attorney Robert Belfort, a regulatory specialist.
Smaller hospitals and clinics must avoid the common mistake of thinking they won't fall victim to cyberattacks, warns risk management expert Tom Andre, vice president of information services at the Cooperative of American Physicians.
Federal regulators have imposed a $1.55 million penalty on a Minnesota healthcare system as part of a settlement following an investigation of a breach involving a business associate. The vendor has already been sanctioned by two other government entities for the same stolen laptop incident.