Healthcare Information Security Podcast

Eddie Schwartz, the new - and first - chief security officer of RSA, says the IT security provider hit by a sophisticated advanced-persistent-threat attack in March is focusing internal security on efforts to reduce the time an intruder can go undetected.

A key factor in minimizing the risk of a breach when working with business associates is to provide these partners with the minimum amount of information they need to perform their services, says security expert Brian Lapidus.

Organizations' biggest obstacles to privacy protection are the organizations themselves - specifically, their silos - says Dr. Ann Cavoukian, proponent of the new concept, Privacy by Redesign.

SafeNet CEO Chris Fedde says top executives, not chief information or chief information security officers, should have final say on what data to encrypt.

A new consortium is leading an effort to devise best practices for ensuring the security of networked medical devices.

Northrop Grumman Cybersecurity Research Consortium's Robert Brammer says IT security researchers should think like Wayne Gretzky, the National Hockey League hall of famer: Skate to where the puck will be.

The latest component of the U.S. Department of Veterans Affairs' ongoing effort to protect medical devices from malware is the creation of a centralized patch management system, says Randy Ledsome, the VA's acting director of field security operations.

Working with business associates to prevent health information breaches requires far more than writing detailed contract terms on privacy and security, says regulatory expert Christopher Hourihan.

The PCI Security Standards Council's new guidance on virtualization in the payments space aims to provide best practices for securing the payments chain's virtual platforms and appliances.

The executive director of a Southern California health information exchange describes a pilot project that's testing whether patient identifiers make it easier to match patients to their records from multiple organizations.

IT security expert Marcus Ranum says RSA's offer to replace its SecurID tokens is a deal worth taking.

What's the top threat on the minds of global IT leaders? Employee-owned mobile devices - or BYOD (bring your own device), as the trend is known. The struggle: Do mobile device benefits outweigh the organizational risks?

Quantifying the safety or danger of cyberspace is tough. But a highly respected IT security practitioner and an experienced risk management consultant have teamed to develop an index they contend reflects the relative security of cyberspace by aggregating the views of information security industry professionals.

Adam Greene, the primary author of the proposed accounting of disclosures rule mandated under the HITECH Act, describes its major provisions and offers advice on how to prepare.

The same approach governments and businesses employ to protect individuals from the dangers of secondhand smoke could be applied to safeguard cyberspace, says Scott Charney, Microsoft's vice president of trustworthy computing, engineering excellence and environmental sustainability.

"Ethical hacking" - is the term an oxymoron, or is it one of today's necessities in the fight against cybercrime? Jay Bavisi, president and co-founder of the EC Council, feels strongly about why we need ethical hackers more today than ever before.

From Epsilon to Sony, recent data breaches and legislative trends tell a dramatic story about the turbulent state of privacy worldwide, according to J. Trevor Hughes, head of the International Association of Privacy Professionals.

Kirk Herath, Chief Privacy Officer at Nationwide Insurance Companies, has been in privacy management for more than a decade, and he has two main concerns about today's enterprise: Mobile technology and cloud computing.

The recent data breaches at Epsilon and Sony should send a chilling message to privacy officers everywhere. "You can't prepare enough," says Kirk Herath, chief privacy officer of Nationwide Insurance Companies.

A new Chicago health information exchange will use a cloud computing architecture with security provisions, says Terri Jacobsen, who's directing the project.