If there's one thing federal regulators want to drill into the heads of covered entities and business associates about data breach prevention, it's this: Stop procrastinating, and conduct a risk analysis and encrypt most of your computing devices right away.
In her first interview since joining the HHS Office for Civil Rights as deputy director of health information privacy, Deven McGraw describes plans to relaunch HIPAA compliance audits next year and outlines other priorities.
One of the most difficult challenges in protecting sensitive patient data that's used in medical research is educating researchers and other clinicians who share that data about potential privacy issues, says Dave Summitt of Moffitt Cancer Center in Florida.
Thou shalt not reverse engineer Oracle's products. That was the stunning diktat issued by Oracle CSO Mary Ann Davidson in a blog post that some are reading as a declaration of war against the security research community.
The Ashley Madison dating website hack and threatened data release is a perfect illustration of the perils - and promise - of our Internet-connected, hacktivist age, whether it comes to online dating or the Internet of Things.
With so much stolen PII available to fraudsters, it's time for banks and others to move to more sophisticated forms of authentication of customers' identities. Knowledge-based authentication is no longer reliable.
Covered entities find it difficult to prevent unauthorized access to patient data by members of their staffs. Preventing breaches involving insiders at business associates can be even trickier, as an incident affecting Meritus Health illustrates.
A former hospital CFO has been sentenced to 23 months in federal prison for submitting false documents so a medical center could receive payments under the HITECH Act electronic health records financial incentive program.
Well-known health data privacy expert and federal adviser Deven McGraw is joining the Department of Health and Human Services' Office for Civil Rights as its new deputy director for health information privacy, heading its HIPAA enforcement efforts.
Forget attributions of the German parliament malware outbreak to Russia, or Chancellor Angela Merkel's office being "ground zero." The real takeaway is the Bundestag's apparent lack of effective defenses or a breach-response plan.
During a time of significant change for corporations, when today's modern network extends far beyond the company's physical walls, it's disturbing that companies face such well-organized and pervasive threats.
In a case also involving kidnapping and drug conspiracy, two individuals - a former hospital worker and a convicted drug trafficker - have been sentenced to prison for HIPAA privacy violations. Learn who received the maximum sentence.
Although the 2015 Healthcare Information Security Today survey shows improving regulatory compliance is priority No. 1, CISO Cris Ewell of Seattle Children's Hospital suggests building a strong information security program should be a higher priority.
Caffeine junkies are up in arms over reports that criminals have been targeting their Starbucks account balances. But the real story is poor password-picking practices by consumers, and Starbucks' lack of multi-factor authentication.