"If you're not doing the right things on managing vulnerabilities, it doesn't really matter what other kinds of sophisticated things you do - that's the baseline for security," says BeyondTrust's Marc Maiffret.
Business associate agreements should not be a dumping ground for healthcare entities to make demands on their vendors with provisions that go beyond specific HIPAA privacy and security regulations, says attorney Gerry Hinkley.
The fact that the U.S. federal government would, under some circumstances, exploit software vulnerabilities to attack cyber-adversaries didn't perturb a number of IT security providers attending the 2014 Infosecurity Europe conference in London.
In the five years since the HITECH Act was signed into law, there have been some major successes and disappointments concerning health information security and privacy, says Joy Pritts of the Office of the National Coordinator for Health IT.
Verizon's latest annual breach report shows that Web application attacks increased more than malware-fueled point-of-sale intrusions in 2013, says analyst Dave Ostertag, who provides an overview of the report's findings.
As a result of the HIPAA Omnibus Rule's new breach notification guidelines that went into effect last year, business associates need to take certain steps when notifying covered entities of incidents, says security expert Brian Evans.