The year 2015 will be remembered for the surge in massive hacker attacks in healthcare. But what lessons can healthcare organizations and their business associates learn from these data breaches?
In the coming months, the Department of Homeland Security will implement a new cyberthreat information sharing law designed to help prevent breaches. But will the Cybersecurity Act of 2015 really make a difference?
Privacy and security expert Rebecca Herold outlines three common HIPAA compliance missteps and offers advice on bolstering security and minimizing the risk of breaches.
The HHS Office for Civil Rights will dramatically ramp up its HIPAA enforcement activities in 2016, fueled by a financial infusion from recent fines in HIPAA cases, predicts privacy attorney David Holtzman of CynergisTek, a former OCR senior adviser.
Legislative expert Samantha Burch of the Healthcare Information and Management Systems Society offers an in-depth analysis of healthcare provisions in the recently enacted Cybersecurity Act of 2015 and describes how the law could prove especially helpful to smaller organizations.
In the age of payment card breaches, PCI compliance is a top priority for merchants and organizations that process electronic payments. But what difference does it make when it's PCI compliance in the cloud? What makes compliance in the cloud unique? Steve Neville, Director of Cloud & Data Center Security at Trend...
Jeremy King of the PCI Security Standards Council explains why it has extended its compliance deadline for encryption updates aimed at phasing out SSL and TLS 1.0. But he stresses that merchants, processors and acquirers should not wait to make upgrades.
Security expert Tom Walsh makes a case for why the time has come to update the HIPAA Security Rule, which he says is out of date in light of today's new technologies and sophisticated cyberthreats.
President Obama has signed legislation to incentivize businesses to share cyber threat information with the federal government. On Dec. 18, both houses of Congress passed the measure as part of a $1.1 trillion spending package.
In the largest monetary award obtained by the FTC in an enforcement action, LifeLock has agreed to pay $100 million to settle a case that, in part, stemmed from the identity protection company failing to establish and maintain an information security program to protect customers' personally identifiable information.
After years of failing to enact cyberthreat information-sharing legislation, Congress is poised to vote on a measure this week that would incentivize businesses to voluntarily share threat data with the federal government and with each other.
To guard against health data breaches, healthcare organizations must demand more proof that their business associates are safeguarding patient data and mitigating related risks, says privacy and security expert Daniel Schroeder.
New guidance for cyber-resilience, vendor management and breach notification is expected for New York state banks in early 2016. And the tone set by these guidelines may have a ripple effect, influencing the actions of federal banking regulators.
In its sixth HIPAA resolution agreement so far in 2015, the HHS Office for Civil Rights has announced a settlement with the University of Washington Medicine that includes a $750,000 penalty. It's the first HIPAA enforcement case stemming from the investigation of a phishing-related breach.
Passage of cyberthreat information-sharing legislation could hinge on how the measure is presented to Congress, and its fate could be tied to a massive omnibus appropriations bill to fund the federal government for the remainder of fiscal 2016.