New long-awaited federal guidance clarifies that cloud services providers that handle protected health information are nearly always considered business associates under HIPAA and, as a result, must meet the regulation's security requirements.
Hacker attacks continue to account for the vast majority of health data breach victims this year, according to the latest federal tally. Some security experts expect that trend will persist as long as many organizations focus narrowly on HIPAA compliance rather than larger cybersecurity issues.
Sadly, users are still their own worst enemy as they are not taking the safeguards to help protect themselves in digital mobile market today. As reported by Infosecurity Magazine, today, only 45% report locking their phone with a pin, password or biometric. Yet 83% of consumers are extremely, very or somewhat...
Even when entangled in billing or other disputes with covered entities, business associates may not hold hostage the protected health information of patients, federal regulators say in recently issued guidance.
The Yahoo breach - and the theft of unencrypted security questions and answers - is a reminder to use unique passwords and security questions, store them using a password safe and take advantage of two-factor authentication whenever it's available.
Want to build a cybercrime empire predicated on selling stolen payment card data? Here's how carder forum Vendetta Network blends outsourcing, partnerships and best-of-breed tools to maximize profits while minimizing risk.
A new watchdog agency report says HHS needs to provide much more guidance on how healthcare organizations should implement controls identified by the NIST Cybersecurity Framework. But some security experts are calling for bolder action - an update of the HIPAA Security Rule.
Federal regulators have entered a $400,000 settlement with an organization that provides centralized corporate support services for a number of New England-area covered entities, citing the lack of an updated business associate agreement. What lessons can be learned from the settlement?
Asked to explain the compromise of 500 million of its users' accounts, Yahoo appears to be trying to blame Russia. Of course, that would be an easy face-saving exercise for a publicly traded firm currently negotiating its $4.8 billion sale to Verizon.
A recent court ruling illustrates yet another way patient privacy can be compromised. A federal bankruptcy court slapped WakeMed Health and Hospitals with financial penalties for exposing patient information in filings it made for cases.
A recent incident involving a vendor using a Boston clinic employee's credentials to inappropriately access patient data via a regional health information exchange illustrates the potential risks involved as the use of HIEs continues to grow.
Don't leap to conclusions on the basis of a new report that suggests Yahoo is preparing to warn the world that it was hacked and lost hundreds of millions of users' account credentials. Someone may simply have harvested passwords reused on other sites.
A developer warns that Dropbox gains wide-ranging access to Apple's OS X operating system using a SQL trick that some equate to hacking users' systems. Here's why giving a desktop app unusual access to Apple's privacy settings poses a security risk.
B. Vindell Washington, M.D., the new head of the Office of the National Coordinator for Health IT, pledges that the agency's top priority of advancing standards-based interoperable, secure health data exchange will continue under his leadership. But what will happen once a new president is elected?
The handling of a recent data breach - the details of which are still unfolding - by Oakland, Calif.-based web services company Regpack provides a look into how the discovery and disclosure of a breach can turn into a real train wreck.