The U.S. Office of Personnel Management - besmirched by a 2015 breach that exposed the personal information of 21.5 million individuals - turns to the military for its new chief information officer. He's DoD Principal Deputy CIO David DeVries.
The next president of the United States should establish a cabinet position focused on cybersecurity, and Congress should create a more focused approach to funding and authorizing IT security initiatives, says Larry Clinton, who heads the Internet Security Alliance.
Delta is warning that a power failure led to system outages, resulting in numerous flight cancellations or delays. As more airline-related processes get computerized, experts are asking why the airline's systems aren't more resilient.
In the largest HIPAA settlement to date, federal regulators have smacked Chicago-based Advocate Health Care with a $5.5 million fine in the wake of an investigation into three 2013 breaches. The settlement is HHS's tenth HIPAA enforcement action this year.
The nation's HIPAA enforcement agency has dramatically ramped up its issuance of breach-related financial penalties. In the ninth enforcement action of 2016, it slapped University of Mississippi Medical Center with a $2.75 million fine after a breach investigation revealed big security woes.
There's no doubt the cyber threat landscape is vast and complex. These days, it's not a question of whether a company will experience a data breach - it's when and how extensive.
Understanding the true cost of a breach is critical to an effective response. The 2015 NetDiligence® Cyber Claims Study breaks down the...
A spate of high-profile, high-impact cyber breaches at several of the largest financial institutions in the United States has brought attention to a point that cybersecurity professionals have long taken as an article of faith: boards of directors need to take an active role in the management of cyber risk.
As stated in a recent issue of the FDIC's Supervisory Insights, the risks presented by cyber attacks have become "one of the most critical challenges [in the last decade] facing the financial services sector due to the frequency and increasing sophistication of cyber attacks." In just a year's time, 2014 to 2015,...
Regardless of how many security controls are placed on a network and the components that are involved in making a network operate, there will always be vulnerabilities in a connected world. So, what do you do in an environment that allows for such risk of compromise?
One of the best methods of protecting...
The federal agency that enforces HIPAA has been very busy lately, taking numerous steps to reiterate the importance of safeguarding patient data and stressing the need to prepare a breach response plan. But the agency still needs to improve transparency on breaches involving business associates.
A government watchdog warned four federal agencies that they must be more diligent in implementing their cybersecurity programs. Otherwise, some of the government's most sensitive information is at risk of being disclosed to unauthorized individuals.
After blaming a recent spate of bank robberies on banks' poor information security practices, SWIFT has changed its tune. Now it says it wants to help financial firms spot related fraud and better share information about unfolding threats.
Organizations chosen for remote "desk audits" of their HIPAA compliance, which will begin this summer, need to be prepared to quickly provide supporting documentation, Deven McGraw, deputy director of health information privacy at the HHS Office for Civil Rights, explains in this in-depth audio interview.
Anonymous is threatening global banks with 30 days of distributed denial-of-service attack disruptions and has temporarily disrupted the Bank of Greece website as a preview. Security experts say all banks should take the DDoS threat seriously.
The Joint Commission, which accredits healthcare organizations, has reversed its long ban on physicians and other clinicians using text messaging to place orders related to patient care, citing technology advances that enable more secure communication. But users must comply with a list of requirements.