Info Risk Today Podcast

With federal regulators moving closer to restarting the delayed HIPAA compliance audit program, now is the time for covered entities and business associates to prepare for potential scrutiny, says healthcare attorney Brad Rostolsky.

The method the Internal Revenue Service used to authenticate users, which failed to keep sophisticated hackers from breaching a taxpayer-facing system, has been widely criticized by cybersecurity experts.

To entice more women, as well as men, to enter information security professions, researcher Lysa Myers says the industry needs to kill its boring image and better communicate the full array of opportunities available and the skills that are in demand.

A game-changing impact of the Edward Snowden leaks about previously secret National Security Agency surveillance activities is the increased use of encryption, such as to protect email, says Peter Swire, a former White House chief privacy counsel.

Vendors' and software makers' over-reliance on security messages and warnings has left users habituated to them, thus rendering such alerts less effective or even worthless, warns cybersecurity expert Alan Woodward.

In an exclusive interview, independent security researcher Billy Rios describes security vulnerabilities that he discovered last year in medical infusion pumps, which led two federal agencies to issue recent warnings.

Citing as inspiration the Manhattan Project, in which the United States developed the atomic bomb during World War II, Sam Visner is leading an effort to get cybersecurity researchers to collaborate in developing new ways to defend cyberspace.

Achieving secure nationwide data exchange will gain momentum thanks to healthcare payment reform that rewards collaborative efforts, says David Whitlinger, leader of New York's HIE initiative.

Because healthcare organizations are juggling so many information security, privacy and regulatory demands, hiring individuals with key professional certifications who can help optimize limited resources is critical, says security expert Steven Penn.

In addition to providing training, healthcare organizations should consider implementing technology to help prevent user mistakes that can lead to breaches of protected health information, says Geoffrey Bibby of ZixCorp.

Dick Williams, CEO of digital security firm Webroot, says the cybersecurity profession needs more than just technical experts. Learn why he says firms will seek out those who can understand the behaviors of cyber-attackers.

Although the 2015 Healthcare Information Security Today survey shows improving regulatory compliance is priority No. 1, CISO Cris Ewell of Seattle Children's Hospital suggests building a strong information security program should be a higher priority.

The use of century-old laws and the lack of a data protection regime is hurting India's ability to combat cyberfraud, says independent adviser Nandkumar Saravade. What immediate steps must be taken?

Former RSA Chairman Art Coviello has re-emerged as a partner with venture capital firm Rally Ventures. What's it like to transition from creating new security solutions to discovering and nurturing them?

Patching is among the primary challenges facing enterprises in their adoption of IoT devices. Fortinet's Darren Turnbull shares insight on how to anticipate and respond to the top security obstacles.

Much of today's crime is "cyber-enabled," warns cybercrime expert Raj Samani, and successfully blocking such attacks increasingly demands not just better technology and public-private collaboration, but also an understanding of psychology.

The IT security industry must do a much better job of persuading young people with the requisite math and science skills to join the cybersecurity workforce rather than choose another profession, says David Shearer of (ISC)².

The U.S.'s move to EMV alone will not eliminate fraud because certain data elements could still be exposed in the breach of EMV card transactions, says Jeremy King of the PCI Security Standards Council, who highlights other essential security steps.

Christopher Painter, the United States' top cyber diplomat, says the nation's No. 1 cybersecurity priority is getting nations to agree not to attack their respective critical infrastructures.

In this exclusive interview, Kelly King, CEO of BB&T, one of the nation's largest banks, urges other CEOs to ensure that their executive teams and boards are well-informed about cyber-risks.