Healthcare Information Security Podcast

Some of the largest banks in the U.S. were unable to ward off sophisticated DDoS attacks, so what can smaller organizations do? Plenty, says Marty Meyer, President of Corero Network Security.

The HIPAA Omnibus Rule creates a complex chain of compliance liability among covered entities and their business partners. Data security attorney Stephen Wu sorts through the details.

We've seen user-driven trends such as BYOD before, says Kevin Flynn of Fortinet. And if organizations remember past security lessons, they will avoid falling prey to mistakes that could lead to breaches.

To comply with the HIPAA Omnibus Rule, business associates and their subcontractors must immediately take several steps, including thoroughly documenting their privacy and security practices, says security expert Susan Lucci.

Security threats to healthcare organizations are on the rise - and so are regulatory requirements. Kim Singletary of McAfee discusses the top breach prevention and response challenges for healthcare organizations in 2013.

Outsourcing to the cloud poses new risks, especially for card data. The PCI Council addresses those risks in its just-released cloud security guidance, and Bob Russo offers exclusive insights.

How can security pros help organizations prevent breaches and data loss? The Online Trust Alliance has released its latest guide to data protection and breach readiness, and OTA founder Craig Spiezle offers tips.

The new, much more objective guidance for reporting breaches that's included in the HIPAA omnibus rule will result in an increase in notifications, predicts privacy law expert Marcy Wilder.

Containerization - it's the latest strategy for securing the critical data accessed by remote workers and mobile devices. How is the concept deployed? David Lingenfelter of Fiberlink offers insight.

As the National Institutes of Health ramps up research projects involving human genomes, electronic health records and other sensitive data, it's exploring the best ways to protect that data, says research director Eric Green, M.D., PhD.

Susan McAndrew of the HHS Office for Civil Rights offers a detailed analysis of the final omnibus rule, which extensively modifies HIPAA and provides new guidance about when to report a breach.

As enterprises move more applications to the cloud, continuous monitoring will play a greater role in assuring the software is patched in a timely manner, says John Streufert, DHS director of federal network resilience.

In 2012, we saw the rise of state-sponsored malware, as well as the evolution of Trojans and ransomware. What new threats will 2013 bring? Adam Kujawa of Malwarebytes offers insights.

It's not malware, crime rings or hacktivists. What, then, are among the threats that concern security leaders most? CISO Tom Newton offers new insight on today's top threats and strategies to combat them.

Sharing information about physical and cyber threats needn't be segregated under the U.S. federal government's National Strategy for Information Sharing and Safeguarding, says Kshemendra Paul, who manages the implementation of the strategy.

ENISA, the European Union cyber-agency, is out with its first-ever Threat Landscape report. What are the emerging threats and vulnerabilities, and how should organizations globally respond to them?

The idea of the U.S. federal government and industry jointly developing IT security best practices will do little to help critical infrastructure operators defend against cyber-risk, says Business Roundtable Vice President Liz Gasster.

Smart phones that give many IT security managers headaches in developing security policies are being used in increasing numbers to help safeguard systems and applications, thanks to more muscular biometric features, says Steve Vinsik of Unisys.

It isn't so much the changing threat landscape that causes security leaders to re-assess their approach to incident response. Mobility and the expanding perimeter are the real factors driving change.

With Congress facing $1.2 trillion in budget cuts, Federal Chief Information Officer Steven VanRoekel says funding for cybersecurity initiatives will likely be affected. But with smart planning, government information technology should not be placed at risk.