The Department of Health and Human Services' privacy and security regulatory priorities for the rest of this year include tackling some long-stalled projects. Here's a rundown of the to-do list.
Enforcement of the California Consumer Privacy Act officially began Wednesday despite the lack of a final, codified version of the regulation. Experts weigh in on compliance steps organizations should take.
A preliminary settlement in a class action data breach lawsuit against Iowa Health System - which does business as UnityPoint Health - contains an unusual provision that could prove quite costly.
Japan has been scanning its entire IPv4 address space to find insecure home routers, web cameras and sensors. The results are encouraging, and the country's program could serve as a model for other nations aiming to avoid large-scale IoT security problems.
IoT devices can be made cheaply and quickly. But as a result, they may lack adequate security features. The Atlantic Council is proposing regulations that would require technology retailers to sell devices that meet security standards, which would, in turn, put pressure on IoT component makers.
A lawsuit filed against a small Georgia hospital by four of its nurses who allege the facility "schemed to manufacture false negative COVID-19 test results" for several patients who previously tested positive is shining a light on delicate issues involving whistleblowers and the privacy of patient records.
Enterprises need to move away from manual threat detection methods to leverage artificial intelligence, which can help boost defenses, says Dr. Jassim Haji, president of Artificial Intelligence Society, Bahrain Chapter.
Many ransomware gangs hell-bent on seeing a criminal payday have now added data exfiltration to their shakedown arsenal. Gangs' extortion play: Pay us, or we'll dump stolen data. One massive takeaway is that increasingly, ransomware outbreaks also are data breaches, thus triggering breach notification rules.
France's top court has upheld a $56 million fine against Google for violating the EU's General Data Protection Regulation with its advertising personalization model that lacked adequate user consent measures. The fine is the biggest yet for a GDPR privacy policy violation.
Zoom will begin beta testing an end-to-end encryption feature in July that it plans to make available at no charge to all who use the paid or free version of its teleconference platform. It's also rolling out other new security features.
Britain's failure to contain COVID-19 - despite Prime Minister Boris Johnson promising a "world-beating" effort - now includes a failed digital contact-tracing app. A new version, built to work with Apple and Google APIs, may be released by winter. Really, what's the rush?
As healthcare organizations seek out recovered COVID-19 patients for potential donations of blood plasma containing virus antibodies to help treat other patients, they need to ensure these outreach activities comply with HIPAA privacy regulations, according to new federal guidance.
A new research paper describes a side-channel attack technique that could enable hackers to eavesdrop on a conversation by tracking vibrations in a hanging ligh bulb.
Two recently reported health data breaches illustrate persistent security challenges - defending against ransomware attacks as well as unauthorized access to email - that sometimes can expose years' worth of data.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing careersinfosecurity.com, you agree to our use of cookies.