The traditional IAM strategy has been to tie individual users with a unique device. But that doesn't work in healthcare settings, where doctors and nurses often share multiple devices. Jigar Kadakia of Partners HealthCare talks about how he approaches this critical challenge.
Encouraged by the moves of medical device manufacturers, Jennings Aske, CISO of NY Presbyterian Hospital, says the "state of the union" of medical device security has improved dramatically. But what more is needed to mitigate risks?
With half of 2019 in the rear-view mirror, what are the emerging healthcare data breach trends so far this year? Hacker/IT incidents continue to be the dominant cause of breaches, while another formerly common cause - lost or stolen devices - has become relatively rare, according to the federal tally.
A lawsuit against the University of Chicago Medical Center and Google seeking class action status points to the important privacy and security issues raised when sharing patient data for research purposes - and whether data can be truly "de-identified."
Several unsecured Amazon S3 buckets belonging to IT services firm Attunity left at least 1 TB of data, including files from companies such as Netflix, TD Bank and Ford, exposed to the internet, UpGuard researchers disclosed. Although the databases have been secured, an investigation is continuing.
Italy's data protection regulator has slapped a $1 million fine on Facebook for mismanaging user data and precipitating the Cambridge Analytica debacle. But that pales by comparison to the the fine that's reportedly still being weighed by the U.S. Federal Trade Commission.
The debate over whether the U.S. government should have the right to force weak crypto on Americans has returned. Here's what hasn't changed since the last time: mathematics and the choice between strong crypto protecting us or weak encryption - aka backdoors - imperiling us all.
Bipartisan healthcare legislation that a Senate health committee passed on Wednesday includes a provision that would incentivize healthcare entities to adopt "strong cybersecurity practices" by encouraging federal regulators to consider organizations' security efforts when making HIPAA enforcement decisions.
Attackers - likely operating from China - have been surreptitiously hacking into global telecommunications providers' networks to quietly steal metadata and track subscribers - and those with whom they communicate - as part of an ongoing cyber espionage operation, warns security firm Cybereason.
When migrating systems, data and applications to the cloud, a critical security step is to involve compliance auditors in the process as early as possible, says Thien La, CISO at Wellmark Blue Cross Blue Shield.
Bad news for anyone who might have hoped that the data breach problem was getting better. "Anecdotally, it just feels like we're seeing a massive increase recently," says Troy Hunt, the creator of the free "Have I Been Pwned?" breach-notification service. Unfortunately, he says, the problem is likely to worsen.
The annual Infosecurity Europe conference this year returned to London. Here are visual highlights from the event, which featured over 240 sessions and more than 400 exhibitors, 19,500 attendees and keynotes covering data breaches, darknets, new regulations and more.
Third-party risk has emerged as one of 2019's top security challenges, and the topic was the focus of a recent roundtable dinner in Charlotte. RSA's Patrick Potter attended that dinner and shares insight on how security leaders are approaching this aspect of digital risk management.
Data in non-production environments represents a significant percentage of total enterprise data volume. Non-production environments also carry more risk than production environments because there are more direct users, says Ilker Taskaya of Delphix, who discusses how organizations can reduce that risk.