Cybersecurity

HHS security policies should focus on incentives, not penalties, health IT leaders say

The federal government needs to provide more resources and incentives to help healthcare organizations better protect their IT systems and data from cyberattacks, according to health IT security leaders.Currently, the Department of Health and Human Services privacy and security standards are too focused on compliance and are unduly punitive to healthcare provider organizations when a

[ Read More ]

Data breaches result in CEO pay rises, study shows

Description: Bosses are more likely to receive a pay rise after their firm suffers a cybersecurity breach, according to a study by the UK’s Warwick Business School. Security breaches did have a lasting impact on the way firms were run, as they typically paid lower dividends and invested less in research and development up to

[ Read More ]

Phishing scam exposes personal, medical information at central California school districts

Phishing emails to employees at several school districts in Monterey County, California, have exposed Social Security numbers and medical records. A phishing scam targeting Carmel Unified School District in Monterey County, California, exposed documents containing sensitive employee information, the district announced last week.Hackers obtained login credentials to several employee email accounts, according to CUSD, one

[ Read More ]

Adapting to the Privacy Imperative

Panelists include Kalinda Raina, head of global privacy at LinkedIn, Ruby Zefo, chief privacy officer at Uber; and J. Trevor Hughes, CEO and president at the International Association of Privacy Professionals.In the discussion with Information Security Media Group at RSA Conference 2019 in San Francisco, the panelists discuss:The current state of privacy within the enterprise;How

[ Read More ]

Personal data for 1,000 pensioners accessed from OC Sanitation District

Birth dates and Social Security numbers for 1,000 Orange County Sanitation District retirees were accessed in a phishing scheme, the district confirmed Monday.District retirees, former employees and board members were being notified of the data breach in the utilitys deferred compensation plan, which occurred in December after a file at NFP Corp. was accessed via

[ Read More ]

Top 10 Topics for Directors in 2019: Cybersecurity

Improve Disclosures and ControlsWith threats of nation-states infiltrating supply chains and landmark laws being passed, cybersecurity and privacy are critical aspects of director oversight. Recent court decisions and speeches from the SEC have made it clear that directors are not able to delegate cybersecurity oversight: directors each have the responsibility to personally understand cybersecurity risk

[ Read More ]

Pen Testing of HHS Units Reveals Weaknesses

In a summary report issued Wednesday, the HHS Office of Inspector General highlighted several security controls that need improvement across eight HHS operating divisions. The weaknesses included configuration management, access control, data input controls and software patching, the report notes. Similar concerns have been raised in previous OIG reports.The OIG report is based on findings

[ Read More ]

Remote Patient Care: How Secure is Your Mobile Data?

A lot of attention is focused on network access security; it can be easy to overlook the vulnerability of data at the edge. We hear a lot about cybersecurity breaches in the news, but were not always told the cause. The business or organization involved is rarely forthcoming with insight about breach scope and exposure.

[ Read More ]

Basic Provenance Use-cases

There is a project starting in HL7 to define an Implementation Guide for “Basic Provenance” for use with CDA and FHIR. The motivation for this project, as I understand, is to move the Healthcare industry from providing very little Provenance, to providing Provenance that provides some value. From W3C PROV we get a very clear

[ Read More ]