Yet another study reveals that millions of people are picking weak passwords, with "123456" remaining our collective favorite. Rules requiring stronger passwords and not forcing passwords to expire both could help boost security.
A list of "super user" passwords - and a default username - now circulating online appears to allow unauthorized access to some webcam video streams, security researchers warn. If confirmed, it would be yet another massive internet of things security failure by a device manufacturer.
In an effort to help advance secure nationwide health data exchange, federal regulators have released an updated online tool to help healthcare entities and technology developers sort through critical standards and implementation specifications. Learn why some thought leaders are giving the guide a thumbs up.
The National Governors Association, in a new road map for improving nationwide secure health data exchange, proposes that states attempt to better align their privacy laws to the federal HIPAA Privacy Rule to help remove legal barriers.
The impact of the patient data privacy and security provisions of the 21st Century Cures Act, signed into law Dec. 13, will depend, in part, on who is chosen to study key issues and come up with recommendations, says attorney Steven Teppler.
Over the years, HHS has released several guidance documents, but all are weak and without mandates as it relates to identity management and authentication of entities accessing protected health information. Guidance typically includes words like "may" and "should," but rarely include words like "shall" or "must."
Leading the latest edition of the ISMG Security Report: an analysis of the impact on healthcare information security and privacy of the 21st Century Cares Act, which President Obama signed into law Dec. 13. Also, a report on the spread of malvertising and an update on the Bangladesh Bank cyber heist.
Federal regulators have issued new guidance to clarify what uses and disclosures of patient information for public health reporting, surveillance and investigations are permitted under HIPAA's privacy regulations.
President Obama is expected on Dec. 13 to sign the 21st Century Cures Act, which the Senate passed on Dec. 7. Among its long list of provisions, the bill lays out a number of privacy and security-related projects for HHS, including imposing fines on those that intentionally block health data information sharing.
In a rare settlement of a data breach class action lawsuit, Tampa General Hospital has agreed to pay plaintiffs who alleged they're at risk for identity theft as a result of insider incidents. But was the settlement amount appropriate?
Facebook, Microsoft, Twitter and YouTube have promised to contribute to a shared database containing hashes - digital fingerprints - of images and videos that promote hatred or terror to facilitate more rapid takedowns. But does the project go far enough?
Hacker incidents continue to dominate major breaches reported to the Department of Health and Human Services. Among the latest incidents added to the HHS tally: an attack at an Atlanta clinic affecting more than 530,000 individuals. What can be done to address the risks?
The House has easily approved a heavily reworked version of the 21st Century Cures bill that was stripped of controversial proposed changes to HIPAA. The measure, which would provide $6.3 billion for various efforts to advance medical innovation and is backed by the White House, will proceed to the Senate next week.