Last month, the FFIEC issued an FAQ about its Cybersecurity Assessment Tool, reiterating that use of the tool is voluntary. But some critics say regulators are still questioning institutions about their use of the tool during IT examinations, meaning its use is not truly voluntary.
Most - but not all - ransomware attacks against healthcare organizations are reportable breaches requiring notification to affected individuals and federal regulators, Deven McGraw, deputy director of health information privacy at the HHS Office for Civil Rights, explains in this video interview.
An analysis of how the Donald Trump administration will address health IT security and privacy leads the latest edition of the ISMG Security Report. Also, the ramifications of a big breach, and an FBI agent tackles ransomware.
During a recent business trip to San Francisco, ATM security expert John Buzzard stumbled upon an ATM that had been damaged by an explosive substance - a vivid reminder of an emerging threat. Buzzard offers insights on the latest ATM risks.
After 10 days of Microsoft not issuing an advisory or fix for a zero-day flaw found by Google that's being actively exploited in the wild, Google publicly revealed details of the flaw. But Microsoft says that puts its users at further risk.
For healthcare information security professionals, the time has come to adopt a "wartime mindset" to ensure patient information is safeguarded from cyber threats. That's why ISMG has recruited a diverse array of experts to provide timely advice at our Healthcare Security Summit in New York Nov 1-2.
Neutering the army of web-connected devices used in the large internet attack that hampered access to major sites - including Amazon, PayPal, Spotify and Twitter - is technically possible. But no option offers either a great or near-term fix.
In the twelfth HIPAA enforcement action so far this year, federal regulators have smacked St. Joseph Health System with a $2 million penalty after investigating a breach that exposed patient information to internet searches for more than a year. And more enforcement actions tied to other breaches are on the way.
Virtually every industry is prone to cyberattacks, online fraud and identity theft. For years' banks have secured online transactions for commercial accounts and private banking customers via multifactor authentication. Now through organizations like the NCSA and HIMSS, multifactor authentication may finally become...
With comprehensive network modeling extending into virtual networks, network security engineers can gain the needed visibility to unify security and compliance processes across their hybrid hardware and virtual environments.