New federal guidance that describes processes in the current round of HIPAA compliance audits - which could lay the foundation for future rounds of audits - illustrates the massive amount of documentation demanded for these "desk audits."
CEO fraud campaigns are becoming far more common. A recent attack against our company was deflected because of the alertness of a staff member who received a fraudulent wire transfer request, illustrating why well-informed employees truly are the best lines of defense against these schemes.
A Congressional proposal that would allow HHS to offer technical assistance to private-sector efforts aimed at solving the problem of matching the right records to the right patient could pave the way for a significant breakthrough, says Lynne Thomas Gordon, CEO of AHIMA, which represents records professionals.
Security firm ThreatConnect says Guccifer 2.0, who claims to be the lone hacker of the Democratic National Committee, may have close ties to Russia. But after reviewing related technical evidence, not all security experts agree.
The Petya ransomware gang says it released 3,500 crypto keys that it stole - along with source code - from rival Chimera ransomware developers. If the keys are legitimate, security firms say they can build decryption tools for Chimera victims.
The nation's HIPAA enforcement agency has dramatically ramped up its issuance of breach-related financial penalties. In the ninth enforcement action of 2016, it slapped University of Mississippi Medical Center with a $2.75 million fine after a breach investigation revealed big security woes.
At the Black Hat event in Las Vegas later this month, researchers plan to reveal vulnerabilities in hooking engines, a critical component of security software and other applications, including Microsoft Office.
The federal agency that enforces HIPAA has been very busy lately, taking numerous steps to reiterate the importance of safeguarding patient data and stressing the need to prepare a breach response plan. But the agency still needs to improve transparency on breaches involving business associates.
Oregon Health & Science University says it has been slapped with a $2.7 million fine after HHS investigated two data breaches that affected a total of about 7,000 individuals. It's the eighth HIPAA-related settlement announced by HHS so far this year.
How low will ransomware go? New malware - dubbed Ranscam - demands bitcoins to unlock files, but in reality they've already been deleted, researchers warn. As always when it comes to defending against ransomware, preparation pays.
The Department of Health and Human Services' Office for Civil Rights has notified 167 covered entities they've been selected for remote "desk audits" of their HIPAA compliance. But the audits will focus on only a handful of requirements.
Most ransomware attacks result in a breach of protected health information that must be reported under HIPAA, according to newly released federal guidance for healthcare entities and business associates. But is the guidance clear enough?
Security vendors are issuing warnings about two new types of dangerous Mac malware - Eleanor and Keydnap - which serve as a reminder that it's not just Windows users coming under fire from malicious software developers and tricksters.
Would access to better information pertaining to encryption help Congress pass good crypto-related laws? That's the impetus behind a "Digital Security Commission" and a related report being hawked by some lawmakers.
Warning to parents and guardians: Beware of collecting, storing or sharing your child's biometric information - including fingerprints and DNA - even if you're creating a so-called "Child ID Kit," because the data is a natural target for identity thieves.