The recent surge in ransomware attacks on hospitals has at least one member of Congress contemplating whether HIPAA's breach notification requirements need to be clarified or updated to reflect the trend.
Smaller hospitals and clinics must avoid the common mistake of thinking they won't fall victim to cyberattacks, warns risk management expert Tom Andre, vice president of information services at the Cooperative of American Physicians.
Despite the pervasiveness of data breaches, healthcare organizations are still playing catch-up on implementing strong, risk-based security programs, rather than focusing solely on HIPAA compliance, says David Finn of Symantec. He offers a preview of his session at the HIMSS 2016 Conference about a new survey.
Federal regulators have issued new guidance to clarify scenarios where HIPAA privacy and security regulation might apply, including for mobile health applications and electronic data exchange. Why are some organizations still so confused?
Three banks and a pharmaceutical company in India are reported to have been hacked by attackers who compromised IT administrators' computers using Lechiffre ransomware, demanding payment in bitcoins. How should CISOs defend against extortion?
Malaysia expects to witness increased incidents of commercial fraud, ransomware and online scams in 2016. Cybersecurity head Amiruddin Abdul Wahab drives the agenda for securing cyberspace and discusses measures to tackle threats.
If there's one thing federal regulators want to drill into the heads of covered entities and business associates about data breach prevention, it's this: Stop procrastinating, and conduct a risk analysis and encrypt most of your computing devices right away.
Public sector organizations need to better understand the driving forces, priorities and procedures within the organizations they "protect," but equally as important is that the private sector organizations reciprocate and understand the how, what and why of the law enforcement/public body process.
In light of growing threats and the increasing complexity of information technology, organizations must get everyone in the enterprise, especially top leaders, involved in assessing and managing information risk.