Info Risk Today Podcast

Why is devising a reliable patient identifier such a critical issue? Because matching a patient to the wrong records creates serious safety risks as well as privacy problems, says CIO Marc Probst, who explains in an interview how he's tackling the issue at Intermountain Healthcare.

Healthcare organizations need to carefully scrutinize the security of electronic health records and other applications they use because encryption and other features often have shortcomings, says Chris Wysopal, CISO at the security firm Veracode.

Because of the U.S. migration to EMV, 2016 is expected to be a watershed year for mobile payment adoption, says Randy Vanderhoof of the EMV Migration Forum. Now, he says, the industry should be more focused on new applications hitting the market than on the number of adopters.

Extortion campaigns waged by cybercriminals are expected to become more damaging in 2016, putting additional pressure on CISOs to enhance protection of internal networks and educate employees about extortionists' techniques, says iSight Partner's John Miller.

If presidential candidates don't have the technical know-how to take an educated stand on whether tech companies should provide the government with a backdoor to encryption, how can we judge if they'll make the right choice if they get elected?

Proposed HIPAA Privacy Rule changes in pending federal legislation could lead to elimination of the requirement to de-identify patient data that's used for research purposes, raising questions about whether that data will be at a higher risk for breaches, warns data de-identification expert Khaled El Emam.

In this in-depth audio report, a panel of experts addresses the challenge of detecting insider threats and outlines the latest approaches, including "sentiment and linguistic" systems.

One of the most dangerous myths about malware is that hackers aren't targeting smaller healthcare entities, says security researcher Lysa Myers, who offers mitigation insights for clinics and others.

In 2016, the healthcare sector faces a variety of complex legislative and regulatory issues, especially those tied to patient privacy, says attorney Kirk Nahra. For example, new rules could emerge covering the use of patient data in research.

As Art Gilliland, CEO of Skyport Systems, assesses cybersecurity in 2016, he sees distinct strengths, weakness and opportunities for the next generation of leaders. The question is: Where will we find these leaders?

When it comes to threat detection, spotting malicious insiders is one thing. They often leave a trail. But how do you protect against the accidental insider threat? Mike Siegel, VP of Products at Forcepoint, shares strategy and solutions.

The primary mission of the new Global Cyber Alliance is to identify measurable ways to mitigate cyberthreats facing the public and private sectors, says Phil Reitlinger, a former DHS official and Sony CISO, who heads the new group.

Today's enterprise infrastructure is full of blind spots that can hide malicious threats, and traditional security tools struggle to scale up to meet increased demands. How must security leaders respond? Amrit Williams of CloudPassage shares insight.

Attorney Kevin McGinty analyzes the potential impact of a Massachusetts judge's unusual decision to allow a class-action lawsuit stemming from a health data breach to proceed, despite a lack of evidence of harm stemming from the incident.

The FFIEC's Cybersecurity Assessment Tool is already being integrated into regulators' cybersecurity examinations, says Gartner analyst Avivah Litan. But the tool has so far led to more confusion than clarity, she says, and must be enhanced in 2016.

Expect rebooted European Union data privacy rules to drive organizations worldwide to begin minimizing the amount of information they collect and store on individuals in 2016, both to protect privacy as well as minimize the impact of data breaches.

In the healthcare sector in 2016, hackers will continue to threaten systems and networks - and possibly medical devices - while federal and state regulators expand and refine their data security enforcement activities.

Boards of directors that figure out how to leverage cybersecurity as a strategic asset will give their organizations a strong competitive advantage, says Lance Hayden of Berkeley Research Group. "Security needs to be part of what the organization uses to competitively differentiate itself."

In the coming months, the Department of Homeland Security will implement a new cyberthreat information sharing law designed to help prevent breaches. But will the Cybersecurity Act of 2015 really make a difference?

The hack of the Office of Personnel Management, revealed in June, represented a turning point. As a result of the cyberattack, breaches became a concern of a wide sphere of government employees and citizens.