Without the ability to benchmark security performance against peers and industry averages, businesses can suffer from optimism bias.
To understand optimism bias of cybersecurity performance, we asked IT professionals about their organization's performance
relative to industry peers. Survey respondents included IT...
After helping a hospital to pass an audit that assessed compliance with requirements of the HITECH Act "meaningful use" electronic health record incentive program, CISO Mitch Stewart offers this audit prep advice: Beef up your risk assessment.
EdgeWave's Mike Walls, a former bomber pilot who led Navy red teams, says penetration testing is useful in analyzing bits and bytes but not the readiness of operations under attack from cyberspace. Red teams, he says, can analyze the impact on operations.
Some healthcare associations are seeking more clarity from federal regulators about security and privacy requirements proposed for Stage 3 of the HITECH Act "meaningful use" incentive program for electronic health records. Find out their concerns.
With federal regulators moving closer to restarting the delayed HIPAA compliance audit program, now is the time for covered entities and business associates to prepare for potential scrutiny, says healthcare attorney Brad Rostolsky.
White House Cybersecurity Coordinator Michael Daniel says the toughest international cybersecurity challenge facing the Obama administration is getting cooperation in coordinating responses to online crime.
Some security experts are concerned that narrower risk assessment requirements in a proposed Stage 3 rule for the HITECH Act EHR incentive program could confuse healthcare entities about the importance of conducting a broad HIPAA risk assessment.
To protect against medical ID theft and fraud, healthcare organizations need to build comprehensive security programs that go beyond just putting their "finger in the dike," says security expert Mark Ford of Deloitte.
Healthcare organizations that base their information security programs on HIPAA compliance are making a major blunder, says security consultant Brad Keller, who explains why that strategy is short-sighted.
What does "IT security as a business enabler" mean? For a definition, Gartner's Paul Proctor looks to the way IT managers at a European car maker translate security problems into a language a CEO can understand.
In the struggle to comply with changing regulatory requirements amidst an evolving technological environment, addressing information security can be overwhelming for many healthcare providers. An expert offers tips for sustainable risk management.
While the 2014 Healthcare Information Security Today survey indicates more healthcare entities are performing HIPAA security risk assessments, smaller providers and business associates are still struggling with this task, says security expert Kate Borten.
Thorough documentation will be more important in the next round of HIPAA compliance audits slated to begin this fall because most will not involve onsite examinations, says privacy attorney Adam Greene.