The federal government needs to provide more resources and incentives to help healthcare organizations better protect their IT systems and data from cyberattacks, according to health IT security leaders.Currently, the Department of Health and Human Services privacy and security standards are too focused on compliance and are unduly punitive to healthcare provider organizations when a
It’s been decades now since Steve Katz became the business world’s first CISO. Today he is still active in the cybersecurity community and offers his unique perspective on security threats, solutions and the next generation of leaders.
Description: Bosses are more likely to receive a pay rise after their firm suffers a cybersecurity breach, according to a study by the UK’s Warwick Business School. Security breaches did have a lasting impact on the way firms were run, as they typically paid lower dividends and invested less in research and development up to
Phishing emails to employees at several school districts in Monterey County, California, have exposed Social Security numbers and medical records. A phishing scam targeting Carmel Unified School District in Monterey County, California, exposed documents containing sensitive employee information, the district announced last week.Hackers obtained login credentials to several employee email accounts, according to CUSD, one
Panelists include Kalinda Raina, head of global privacy at LinkedIn, Ruby Zefo, chief privacy officer at Uber; and J. Trevor Hughes, CEO and president at the International Association of Privacy Professionals.In the discussion with Information Security Media Group at RSA Conference 2019 in San Francisco, the panelists discuss:The current state of privacy within the enterprise;How
Birth dates and Social Security numbers for 1,000 Orange County Sanitation District retirees were accessed in a phishing scheme, the district confirmed Monday.District retirees, former employees and board members were being notified of the data breach in the utilitys deferred compensation plan, which occurred in December after a file at NFP Corp. was accessed via
Improve Disclosures and ControlsWith threats of nation-states infiltrating supply chains and landmark laws being passed, cybersecurity and privacy are critical aspects of director oversight. Recent court decisions and speeches from the SEC have made it clear that directors are not able to delegate cybersecurity oversight: directors each have the responsibility to personally understand cybersecurity risk
In a summary report issued Wednesday, the HHS Office of Inspector General highlighted several security controls that need improvement across eight HHS operating divisions. The weaknesses included configuration management, access control, data input controls and software patching, the report notes. Similar concerns have been raised in previous OIG reports.The OIG report is based on findings
A lot of attention is focused on network access security; it can be easy to overlook the vulnerability of data at the edge. We hear a lot about cybersecurity breaches in the news, but were not always told the cause. The business or organization involved is rarely forthcoming with insight about breach scope and exposure.
There is a project starting in HL7 to define an Implementation Guide for “Basic Provenance” for use with CDA and FHIR. The motivation for this project, as I understand, is to move the Healthcare industry from providing very little Provenance, to providing Provenance that provides some value. From W3C PROV we get a very clear