Healthcare Information Security Podcast

As enterprises spend frugally on IT security, cybercriminals aren't, and that presents big problems for organizations working feverishly to secure their digital assets, says Steve Durbin, global vice president of the Information Security Forum.

Mobile device management systems are relatively immature, so shoppers need to ask probing questions about the systems' functionality, advises security consultant J. David Kirby.

Where's the best place to build a large healthcare data security center? A new study suggests Sioux Falls, S.D.

Organizations and leaders seeking to assure the privacy of their customers should implement privacy by design in the development process, privacy lawyer Alan Friel says.

An omnibus package of regulations that includes a final version of extensive HIPAA modifications, which have been pending since 2010, as well as a final version of the HIPAA breach notification rule has moved one major step closer to completion.

The average per capita cost of a data breach has declined from $214 to $194, according to the new Cost of a Data Breach study. But there are still plenty of causes for concern, says Dr. Larry Ponemon.

Verizon's 2012 Data Breach Investigations Report shows dramatic increases in attacks linked to hacktivist groups like Anonymous and LulzSec. How should organizations respond to this evolving threat?

Health information exchanges should obtain patient permission before they take any steps toward making medical records available for potential exchange, according to a new report from the New York Civil Liberties Union.

Protecting the availability, confidentiality and integrity of information are the core tenets of IT security. But an FBI cybersecurity leader, Steve Chabinsky, suggests the central theme of IT security needs to be broadened to include assurance and attribution.

Cloud-computing service provider contracts, for most businesses and government customers, are take-it-or-leave it propositions, so organizations must approach a services agreement cautiously, IT security lawyer Françoise Gilbert says.

One important way to prepare for Stage 2 of the HITECH Act electronic health record incentive program is to take steps toward eliminating storage of patient records on mobile devices, says privacy expert Deborah Gascard Wolf.

Apple's introduction of its third iteration of the iPad e-tablet, coupled with the growing popularity of cloud computing, could lead to new methods of enterprise computing and IT security, Delaware Chief Security Officer Elayne Starkey says.

Apple's release of the new iPad will affect business. How should organizations incorporate new mobile concerns into their BYOD policies? Joe Rogalski of New York's First Niagara Bank weighs in.

Consumer advocate Deven McGraw describes what she likes and doesn't like about the privacy and security provisions in the proposed rules for Stage 2 of the HITECH Act electronic health record incentive program.

Because winning the support of CEOs for any new project requires demonstrating a return on investment, information security professionals need to more precisely quantify the potential payoff of their suggested spending on technologies and training, according to a new report.

Imperva would neither confirm nor deny it helped defend the Vatican website from a hacktivist assault last year, but the IT security provider's director of security, Rob Rachwald, explains how such an attack was constructed and defended.

Commerce Undersecretary for Standards and Technology Patrick Gallagher sees the private sector, not government, taking the lead to develop tools, processes and standards to help safeguard IT systems and data in and out of government.

What are the top global breach trends and threats that organizations should be watching? Wade Baker of Verizon offers insights gleaned from a new study of his group's latest investigations.

White House Cybersecurity Coordinator Howard Schmidt, in an exclusive interview, expresses optimism that Congress could enact significant cybersecurity legislation this year even if President Obama doesn't get all that he wants in an IT security bill.

A consortium of eight major information technology companies is continuing development of a free framework designed to make it easier to exchange information about security vulnerabilities.