After hearing objections from hospitals and physicians about a proposed "opt-in" approach to obtaining patient consent for health information exchange, the Maine legislature has passed a rewritten measure that spells out rules for an "opt-out" approach.
"I'd like to make sure our recommendations fit with what the FFIEC is recommending, to continue to help us mitigate risk," says Michael J. Wyffels, SVP and CTO of QCR Holdings Inc. "But the hackers seem to continue to find new ways to exploit vulnerabilities."
When a database breach occurs, consumer notification continues to be a public problem. And it's time for the federal government to step in, says Linda Foley, co-founder of the non-profit Identity Theft Resource Center.
"I think this is another great example of the lengths to which criminals will go to perpetrate these schemes, and the amount of homework they do," says Julie McNelley, banking and payments fraud analyst at Aite Group.
The Health IT Policy Committee on June 8 made recommendations on a number of privacy and security issues, including the use of digital certificates by participants in the Nationwide Health Information Network initiative.
The Office of the National Coordinator for Health Information Technology has announced a new program of prizes and competitions that's designed to spur innovations in health IT, including projects that address privacy and security.
Melissa Hathaway, at a cybersecurity forum for lawyers, calls for the cybersecurity education of judges so justice could be served in an era of digital assaults. She also explains how the Sony breach provides a new path for malware.
Victimized by a hack of its SecurID authentication token that resulted in the breaches of several customers' IT systems, security maker RSA is expected to announce its first chief security officer as early as Friday.
A new federal suit against Michaels claims the crafts retailer, hit by a POS skimming scheme in May, took too long to notify customers after it learned of the breach that affected stores in 20 U.S. states.
Healthcare organizations need to implement role-based privacy and security training to identify specific types of education for employees with different levels of access to protected health information, says Alex Eremia, chief privacy officer at MedStar Health.
"It's been more than a year since the House passed this bill by an overwhelming margin," says Rep. Dan Lipinski, who shepherded the measure through the House last year. "Since then, the problem of cybercrime has only increased."
Strong authentication, using both fact-based and behavioral-based fraud detection solutions, should be part of every financial institution's layered security approach, says Reed Taussig, CEO of ThreatMetrix.