Healthcare Information Security Podcast

Solutionary is out with its 2013 Global Threat Intelligence Report. What are the top four threats to organizations, and how can they be mitigated? Security strategist Don Gray offers insights and tips.

Healthcare organizations should use a four-step process to determine how best to apply encryption to minimize security risks, says security expert Feisal Nanji.

Prolexic's CEO Scott Hammack says battling distributed-denial-of-service attacks has become part of everyday business. And during this in-depth interview, he explains why.

DDoS attacks on banks have returned, and the attackers are changing their tactics and expanding their attack toolsets. How must organizations change the way they defend against DDoS? Carlos Morales of Arbor Networks shares strategies.

Farzad Mostashari, M.D., the national coordinator for health information technology, wants to ramp up use of health information exchange to improve care quality. In an exclusive interview, he tackles privacy, security issues.

Too many healthcare organizations conduct a HIPAA compliance assessment instead of a comprehensive risk analysis, says security specialist Dave Newell, who also points out other common mistakes.

University of Pittsburgh Medical Center is replacing its decade-old identity management system with a new system that can better tackle emerging risks, says John Houston, UPMC's security and privacy leader.

Preparing for compliance with the privacy and security provisions of the HIPAA Omnibus Rule and the HITECH Act electronic health record incentive program go hand-in-hand, says federal privacy officer Joy Pritts.

As the banking industry gets better at defending itself against security threats, cybercriminals will focus more of their attention on stealing data from the healthcare industry, predicts cybercrime expert Bill Fox.

We now have seen three waves of DDoS attacks on U.S. banks, and Dan Holden of Arbor Networks says we have seen three distinct shifts in these incidents. What can we expect going forward?

Although the HIPAA Omnibus Rule is a step in the right direction for protecting health information, the regulation still leaves large privacy gaps, says patient advocate Deborah Peel, M.D.

Business line managers are in better positions to control and monitor network and system access privileges than IT departments, since they know their employees and the privileges they should be provided, says Bill Evans of Dell Software.

Authenticating appropriate network administrators and employees has become increasingly challenging, especially for healthcare organizations and regional banking institutions, says Tim Ager of Celestix.

What are the responsibilities of business associates under the HIPAA Omnibus Rule? And how should covered entities work with BAs on compliance? Security expert Mac McMillan explains.

The resumption of the HIPAA compliance audit program is on hold while regulators analyze pilot audit project results and implement the HIPAA Omnibus Rule, says Susan McAndrew of the HHS Office for Civil Rights.

New research says more than 25 percent of consumers hit by a data breach later become victims of identity fraud - especially when payment card information is exposed. Javelin's Al Pascual shares analysis.

Data security used to be about building firewalls and protections around the data. Now it's about securing the data itself. That's why data is the new perimeter, says Charlie Pulfer of Titus.

Intelligence is helping organizations not only detect and prevent intrusions, says Mark Wood of Dell SecureWorks. It's also helping them identify they've been targeted for an attack in the first place.

Despite ever-evolving cybersecurity threats, David Knight of Proofpoint says spear phishing attacks are really the greatest worries for most security and risk officers.

The private sector has a unique opportunity to respond to President Obama's cybersecurity executive order and help shape information sharing and critical infrastructure protection. David Burg of PwC tells how.