After blaming a recent spate of bank robberies on banks' poor information security practices, SWIFT has changed its tune. Now it says it wants to help financial firms spot related fraud and better share information about unfolding threats.
Organizations chosen for remote "desk audits" of their HIPAA compliance, which will begin this summer, need to be prepared to quickly provide supporting documentation, Deven McGraw, deputy director of health information privacy at the HHS Office for Civil Rights, explains this in-depth audio interview.
Anonymous is threatening global banks with 30 days of distributed denial-of-service attack disruptions and temporarily disrupted the Bank of Greece website as a preview. Security experts say all banks should take the DDoS threat seriously.
The Joint Commission, which accredits healthcare organizations, has reversed its long ban on physicians and other clinicians using text messaging to place orders related to patient care, citing technology advances that enable more secure communication. But users must comply with a list of requirements.
A jury's decision to award $940 million in damages to electronic health records software vendor Epic Systems, which had sued India's Tata Consultancy Services alleging theft of trade secrets, serves up lessons about the importance of restricting access to all sensitive data, including intellectual property.
Now that the Department of Health and Human Services has announced that it will soon begin the next round of HIPAA compliance audits, organizations need to take specific steps to prepare in case they're chosen for scrutiny, says attorney Robert Belfort, a regulatory specialist.
Smaller hospitals and clinics must avoid the common mistake of thinking they won't fall victim to cyberattacks, warns risk management expert Tom Andre, vice president of information services at the Cooperative of American Physicians.
Federal regulators have imposed a $1.55 million penalty on a Minnesota healthcare system as part of a settlement following an investigation of a breach involving a business associate. The vendor has already been sanctioned by two other government entities for the same stolen laptop incident.
While hacker attacks increasingly pose threats to electronic patient data, yet another healthcare provider has reported a major breach involving the improper disposal of paper and film records. The number of individuals being notified makes this the biggest reported health data breach of its kind.
Because cybercriminals are targeting the healthcare sector, organizations must regularly assess the security risks in all their applications, not just those containing protected health information, says risk management expert Angel Hoffman.
Despite their limited resources, smaller healthcare provider organizations must overcome "paralysis" and ramp up efforts to safeguard information systems or risk becoming potential gateways for breaches at larger organizations, says Michael Kaiser of the National Cyber Security Alliance.
Banking institutions and associations are demanding that the Federal Financial Institutions Examination Council make significant changes to its Cybersecurity Assessment Tool. What action, if any, will regulators take in response?
The FFIEC's Cybersecurity Assessment Tool needs to be redesigned, as the tool's current design sets institutions up for cyber-risk assessment failure. Industry leaders say they're hopeful that change is on the way because the FFIEC is reviewing a second wave of comments about the tool's efficacy.
A federal official's comments this week that the government is "ending" the HITECH Act's "meaningful use" incentive program for electronic health records is raising numerous questions, including what's next for health data privacy and security regulations.