Federal regulators have issued new guidance to clarify scenarios where HIPAA privacy and security regulation might apply, including for mobile health applications and electronic data exchange. Why are some organizations still so confused?
Java users are being warned to only use newly released installers to avoid a nasty potential exploit. Meanwhile, a veteran bug hunter questions whether Oracle's move to ditch Java browser plug-ins will have a significant security upside.
"We never negotiate" might be the expectation whenever law enforcement or government agencies get targeted by criminals or even "cyberterrorists." But outside Hollywood, the reality too often turns out to be far less rigid.
Sometimes language barriers can be a good thing: Many malware-wielding cybercriminals have historically targeted users in North America and Europe over Japan, owing to linguistic challenges. But that's changing.
Here's why the acquisition of rival threat-intelligence firm iSight Partners by breach investigation heavyweight FireEye makes sense, and why market watchers predict that other stand-alone intelligence firms will soon get snapped up.
The discovery of a serious remote code execution flaw in Trend Micro's consumer security software - now patched - is a reminder that even security software has code-level flaws. But shouldn't security vendors be held to a higher standard than others?
Four years after European criminals exploited EMV implementation vulnerabilities to steal an estimated $650,000, security experts say not all banks have adopted full fixes. But the payment card industry contends related mitigations are in place and working.
LabMD's recent victory in its long legal battle with the Federal Trade Commission will be short-lived, the medical testing lab's CEO predicts. Find out why, and what changes Michael Daugherty hopes the case will bring to FTC's enforcement practices.
Security experts trace many of the world's cybercrime attacks to Russia. But Russian authorities never extradite suspects, and they allow hackers to operate with impunity - if they play by some ground rules.
Thou shalt not reverse engineer Oracle's products. That was the stunning diktat issued by Oracle CSO Mary Ann Davidson in a blog post that some are reading as a declaration of war against the security research community.
A new report says the Department of Health and Human Services has several security weaknesses that may have contributed to five recent data breaches. But are other healthcare entities guilty of the same mistakes?
The Ashley Madison dating website hack and threatened data release is a perfect illustration of the perils - and promise - of our Internet-connected, hacktivist age, whether it comes to online dating or the Internet of Things.
Recent breaches and regulatory audits have sharpened the focus on third-party risks. How are healthcare entities tackling this critical topic of business associate management? Attorney David Szabo shares insights.