Corporate account takeover events are reigniting the debate between banks and their former commercial customers, about everything from fraud liability and the "good faith" standard to commercially reasonable security.
Two electronic health records pioneers that already have earned federal EHR incentive payments stress that a robust risk management program should be an essential component of any movement from paper to electronic records.
A new consumer survey suggests healthcare organizations still have a long way to go in educating patients about the benefits of electronic health records and easing their concerns about security issues.
Beth Israel Deaconess Medical Center in Boston is notifying more than 2,000 of its patients about an unusual potential health information breach incident involving a computer virus that transmitted data to an unknown location.
Social media, mobility and cloud computing are new areas of risk for organizations, and risk managers need to go back to the fundamentals of understanding the information they are protecting, says Robert Stroud, ISACA's international vice president.
"If not properly implemented, telework may introduce new information security vulnerabilities into agency systems and networks," Office and Management and Budget Director Jacob Lew warns in a White House memo.
The FFIEC's updated online authentication guidance urges banks and credit unions to do better jobs of authenticating and identifying devices, areas that aren't bolstering the kind of security they could, says security expert Ori Eisen.
Doug Johnson of the American Bankers Association says banking institutions should spend the next five months focusing on their risk assessments, as they work to meet the FFIEC's new authentication guidance update.
Now that the FFIEC's updated online authentication guidance is out, banking institutions need to move forward in preparation for 2012 compliance, says Julie McNelley, banking fraud analyst for Aite Group.
Multifactor authentication and layered security are steps financial institutions should take to protect their customers. But certain strategies are more problematic than successful when it comes to preventing fraud.