Tag: HIPAA
-
Texas Drops Challenge to 25-Year-Old HIPAA Privacy Rule
Move Comes After Ruling in Separate Case Discarded HIPAA Reproductive PHI Changes. The state of Texas has dropped a federal lawsuit filed against the U.S. Department of Health and Human Services that sought to vacate the 25-year-old HIPAA privacy rule, as well as 2024 rule changes under the Biden administration that prohibit the disclosure of…
-
3 ways CISOs can win over their boards this budget season
Tip 2: Go beyond compliance standards: It’s no secret that compliance and regulations drive nearly 80% of CISOs’ budget justifications. Industry standards like HIPAA and SOC2 can offer a guiding framework for a program, but with evolving threats from AI, the rise of quantum computing and increasingly complex third-party risk, CISOs need to think of…
-
Attack Surface Management ein Kaufratgeber
Tags: ai, api, attack, business, cloud, crowdstrike, cyber, cyberattack, cybersecurity, data, detection, dns, framework, hacker, hacking, HIPAA, incident response, infrastructure, intelligence, Internet, microsoft, monitoring, network, open-source, PCI, penetration-testing, risk, service, soc, software, supply-chain, threat, tool, update, vulnerabilityMit diesen Attack Surface Management Tools sorgen Sie im Idealfall dafür, dass sich Angreifer gar nicht erst verbeißen.Regelmäßige Netzwerk-Scans reichen für eine gehärtete Angriffsfläche nicht mehr aus. Um die Sicherheit von Unternehmensressourcen und Kundendaten zu gewährleisten, ist eine kontinuierliche Überwachung auf neue Ressourcen und Konfigurationsabweichungen erforderlich. Werkzeuge im Bereich Cyber Asset Attack Surface Management (CAASM)…
-
Unlocking Cloud Security: Introducing the New AWS Key Rotation Feature in CipherTrust Cloud Key Management
Tags: access, automation, cloud, compliance, container, control, cyber, cyberattack, data, encryption, finance, framework, GDPR, HIPAA, infrastructure, PCI, risk, service, software, strategy, threat, toolUnlocking Cloud Security: Introducing the New AWS Key Rotation Feature in CipherTrust Cloud Key Management madhav Thu, 11/13/2025 – 05:12 How Automated Key Management Empowers Customers and Elevates Data Protection Encryption Scotti Woolery-Price – Partner Marketing Manager, Thales More About This Author > How Automated Key Management Empowers Customers and Elevates Data Protection In today’s…
-
Unlocking Cloud Security: Introducing the New AWS Key Rotation Feature in CipherTrust Cloud Key Management
Tags: access, automation, cloud, compliance, container, control, cyber, cyberattack, data, encryption, finance, framework, GDPR, HIPAA, infrastructure, PCI, risk, service, software, strategy, threat, toolUnlocking Cloud Security: Introducing the New AWS Key Rotation Feature in CipherTrust Cloud Key Management madhav Thu, 11/13/2025 – 05:12 How Automated Key Management Empowers Customers and Elevates Data Protection Encryption Scotti Woolery-Price – Partner Marketing Manager, Thales More About This Author > How Automated Key Management Empowers Customers and Elevates Data Protection In today’s…
-
Bill Seeks HIPAA-Like Protections for Consumer Health Data
Senate HELP Committee Chair Seeks to Secure Data in Smart Watches, Health Apps. Sen. Bill Cassidy, R-La., a physician and chair of the Senate health committee, has proposed legislation that aims to create parallel HIPAA-like privacy protections to more types of health data – such as data collected by consumer wearable devices and health apps…
-
Digital health can’t scale if cybersecurity falls behind
Tags: access, ai, attack, breach, cloud, compliance, control, cyber, cyberattack, cybersecurity, data, detection, encryption, endpoint, exploit, framework, GDPR, governance, government, healthcare, HIPAA, identity, infection, intelligence, malicious, network, nist, phishing, privacy, ransomware, regulation, resilience, risk, risk-management, strategy, technology, threat, training, virus, vulnerability, zero-trustThe unique vulnerabilities of AI systems: Traditional security frameworks are not enough for AI. Attacks on algorithms take subtler forms. I often explain to my clients that when you corrupt data, you corrupt intelligence. Data poisoning occurs when malicious data is inserted into the training process, teaching the AI to make wrong decisions later. Imagine…
-
Digital health can’t scale if cybersecurity falls behind
Tags: access, ai, attack, breach, cloud, compliance, control, cyber, cyberattack, cybersecurity, data, detection, encryption, endpoint, exploit, framework, GDPR, governance, government, healthcare, HIPAA, identity, infection, intelligence, malicious, network, nist, phishing, privacy, ransomware, regulation, resilience, risk, risk-management, strategy, technology, threat, training, virus, vulnerability, zero-trustThe unique vulnerabilities of AI systems: Traditional security frameworks are not enough for AI. Attacks on algorithms take subtler forms. I often explain to my clients that when you corrupt data, you corrupt intelligence. Data poisoning occurs when malicious data is inserted into the training process, teaching the AI to make wrong decisions later. Imagine…
-
Digital health can’t scale if cybersecurity falls behind
Tags: access, ai, attack, breach, cloud, compliance, control, cyber, cyberattack, cybersecurity, data, detection, encryption, endpoint, exploit, framework, GDPR, governance, government, healthcare, HIPAA, identity, infection, intelligence, malicious, network, nist, phishing, privacy, ransomware, regulation, resilience, risk, risk-management, strategy, technology, threat, training, virus, vulnerability, zero-trustThe unique vulnerabilities of AI systems: Traditional security frameworks are not enough for AI. Attacks on algorithms take subtler forms. I often explain to my clients that when you corrupt data, you corrupt intelligence. Data poisoning occurs when malicious data is inserted into the training process, teaching the AI to make wrong decisions later. Imagine…
-
ISMG Editors: UN Cybercrime Treaty Raises Privacy Fears
Also: Hospital Scandal Exposes HIPAA Risks; Jamf Acquisition Signals Industry Shift. In this week’s panel, ISMG editors discussed privacy concerns related to the U.N. Cybercrime Treaty, the legal fallout from candid photos of patients at Baptist Jay Hospital posted to SnapChat, and the market implications for Francisco Partners’ acquisition of Apple device management firm Jamf.…
-
CAASM and EASM: Top 12 attack surface discovery and management tools
Tags: access, ai, api, attack, automation, blockchain, business, cloud, control, corporate, credentials, cyber, cybersecurity, dark-web, data, data-breach, detection, dns, endpoint, exploit, framework, guide, hacking, HIPAA, incident response, infrastructure, intelligence, Internet, leak, marketplace, microsoft, monitoring, network, open-source, PCI, risk, risk-assessment, service, soc, software, supply-chain, technology, threat, tool, update, vulnerabilityCAASM and EASM tools for attack surface discovery and management: Periodic scans of the network are no longer sufficient for maintaining a hardened attack surface. Continuous monitoring for new assets and configuration drift are critical to ensure the security of corporate resources and customer data.New assets need to be identified and incorporated into the monitoring…
-
New York Hospitals Are Facing Tougher Cyber Rules Than HIPAA
State cybersecurity regulations that apply to some hospitals in New York state go well compliance under the federal HIPAA security rule, posing expanded data governance challenges for providers, said Matthew Bernstein of consulting firm Bernstein Data. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/interviews/new-york-hospitals-are-facing-tougher-cyber-rules-than-hipaa-i-5498
-
New York Hospitals Are Facing Tougher Cyber Rules Than HIPAA
State cybersecurity regulations that apply to some hospitals in New York state go well compliance under the federal HIPAA security rule, posing expanded data governance challenges for providers, said Matthew Bernstein of consulting firm Bernstein Data. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/interviews/new-york-hospitals-are-facing-tougher-cyber-rules-than-hipaa-i-5498
-
New York Hospitals Are Facing Tougher Cyber Rules Than HIPAA
State cybersecurity regulations that apply to some hospitals in New York state go well compliance under the federal HIPAA security rule, posing expanded data governance challenges for providers, said Matthew Bernstein of consulting firm Bernstein Data. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/interviews/new-york-hospitals-are-facing-tougher-cyber-rules-than-hipaa-i-5498
-
Top 10 Best Cybersecurity Compliance Management Software in 2025
Cybersecurity compliance has become a mission-critical part of modern business operations. With the rise of data privacy laws, global regulations, and increasing cyber threats, organizations need reliable compliance management software to stay secure and audit-ready. The best compliance platforms streamline frameworks like SOC 2, ISO 27001, HIPAA, PCI DSS, GDPR, and more while automating workflows,…
-
Feds Release Updated HIPAA Security Risk Analysis Tool
Experts Say Tool Geared to Small, Midsized Organizations. Federal regulators have updated their HIPAA security risk assessment tool that’s long been aimed at helping small and midsized providers and business associates with risk analysis – an activity that many healthcare organizations can’t seem to get right. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/feds-release-updated-hipaa-security-risk-analysis-tool-a-29411
-
The Full Lifecycle Imperative: Why >>Shift Left<>Shift Right<<
Tags: access, ai, api, attack, authentication, automation, business, cloud, compliance, data, detection, framework, governance, HIPAA, mitre, nist, PCI, risk, siem, strategy, threat, tool, vulnerability, wafIn this series, we examined the vital connection between AI and APIs, highlighting what makes a leader in the API security market through the 2025 KuppingerCole Leadership Compass. Now, we turn to the core strategy of true API security: the full-lifecycle approach, where security is a continuous, integrated process rather than a single action. The…
-
How Gainesville Regional Utilities is locking down vendor risk
Tags: access, breach, business, cio, ciso, compliance, conference, cyber, data, finance, group, HIPAA, infrastructure, malicious, penetration-testing, risk, risk-assessment, risk-management, service, soc, strategy, threat, vulnerabilityIntake and triage: The requesting business unit submits an intake form detailing the vendor’s responsibilities, the IT service involved, the types of data needed, and any required system access. The IT security team then conducts an initial risk triage.Detailed assessment: If the vendor poses a moderate or high risk, it must complete a security questionnaire…
-
Tiny US Agency to Enforce Substance Abuse Regs – and HIPAA
HHS Shifts 42 CFR Enforcement Duties to Office of Civil Rights Amid Massive Reorg. The U.S. Department of Health and Human Services has put its Office for Civil Rights in charge of investigating and penalizing organizations that breach the confidentiality of substance abuse disorder records. Some fear the agency doesn’t have the bandwidth to enforce…
-
Farmers Insurance, Aflac Report Data Breaches to Regulators
Farmers’ HIPAA Breach Affects 1.1 Million; Aflac Is Still Counting Victims. Two major U.S.-based insurers – Farmers Insurance and Aflac Inc. – have each reported to regulators data breaches involving two recent separate cyberattacks. The breaches follow a spring and summer spree of data exfiltration incidents that hit multiple large players in the insurance sector.…
-
Wichtige Vorgabe bei DSGVO, NIS2, HIPAA, DORA und ISO 27001 – Datensicherung Definition, bewährte Verfahren und zukünftige Trends
First seen on security-insider.de Jump to article: www.security-insider.de/datensicherung-definition-bewaehrte-verfahren-und-zukuenftige-trends-a-c9d84e8d59059d9abea04653eae079f7/
-
Password crisis in healthcare: Meeting and exceeding HIPAA requirements
In 2025, healthcare organizations are facing a new wave of password security risks. Recent data from the HIMSS Cybersecurity Survey reveals that 74% experienced at least one … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/08/20/healthcare-password-crisis/
-
Why Do HIPAA Risk Analyses Miss the Mark So Often?
Common Weaknesses Healthcare Providers Must Overcome to Avoid Regulators’ Wrath. Regulators have long pushed HIPAA-regulated providers to ensure their enterprise-wide security risk analysis is comprehensive and timely, so they can identify security issues before they become data breaches. Why do so many organizations struggle with this top HIPAA priority? First seen on govinfosecurity.com Jump to…
-
Accounting Firm Pays Feds $175K for HIPAA Ransomware Breach
Settlement Includes Corrective Action Plan Focused on Improving Risk Analysis. An investigation into a ransomware breach reported in 2020 as affecting the protected personal information of 170,000 people led to a $175,000 fine against a certified public accounting and consulting firm. Regulators also required the company to implement a corrective action plan in the settlement.…
-
How have you seen successful organizations integrate HIPAA compliance into their everyday operations rather than treating it as just an annual audit requirement?
Organizations that treat HIPAA compliance as a living, breathing part of their operations, not just an annual checkbox, are the ones best positioned to protect patient data, mitigate risk, and build enduring trust with patients and partners. Based on patterns observed across successful healthcare providers, health-tech companies, and third-party service organizations, a recurring theme emerges:…The…
-
275M patient records breached”, How to meet HIPAA password manager requirements
Healthcare led all industries in 2024 breaches”, over 275M patient records exposed, mostly via weak or stolen passwords. See how the self-hosted password manager by Passwork helps providers meet HIPAA requirements, protect ePHI, and keep care running. Try it free for 1 month. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/275m-patient-records-breached-how-to-meet-hipaa-password-manager-requirements/