Careers Information Security Podcast

Many medical devices, especially older ones, were not designed with cybersecurity in mind, so healthcare organizations need to take special precautions to reduce risks, says security expert Justine Bone, who describes effective strategies.

The technology and operating models for identity and access management have evolved with time, but the way many enterprises approach IAM has not. How can security leaders modernize their IAM strategy in this era of unprecedented complexity? Patrick Wardrop of IBM Security shares insights.

Privacy attorney Kirk Nahra offers an analysis of the New York state attorney general proposing updates to the state's data security laws and issuing a substantial financial penalty in a HIPAA violations case.

Leading the latest edition of the ISMG Security Report: The Trump administration sanctions Russian organizations and individuals over U.S. election interference, the NotPetya campaign and energy sector hacks. Also featured: A deep dive into the use of so-called active defense.

While the director of the HHS Office for Civil Rights says HIPAA enforcement remains a top priority for the agency, obtaining enough resources to carry out its mission is an ongoing battle, says former OCR official Deven McGraw.

With modern agile development practices, such as DevOps, the time for development has been significantly reduced. So security can no longer be just a step in the process; it needs to be a continuous part of the development lifecycle, says CA Technologies' Ayman Sayed.

Penetration testing can help find vulnerabilities that aren't typically identified by scanning and other monitoring. But the testing comes with some risks, Duke Health CISO Chuck Kelser and pen tester John Nye explain in a joint interview.

As more data moves to the cloud, and cyberattacks multiply, organizations need to adopt an alternate paradigm of security, says Nikhil V. Bagalkotkar, a virtualization specialist at Citrix, who describes a new approach.

Recent ransomware attacks on healthcare entities have been a major security wake-up call, says Rod Piechowski, senior director of health information systems at of HIMSS, who explains what action is needed.

Leading the latest edition of the ISMG Security Report: America's top general says the U.S. response to Russian election interference isn't as well coordinated as it needs to be, and Pennsylvania sues Uber for failing to notify data breach victims in a timely manner.

Bolstering endpoint protection is a top security priority at Partners HealthCare this year, says Jigar Kadakia, CISO of the Boston-based integrated health system. What else is on the agenda?

More healthcare organizations are "decoupling" their HIPAA compliance efforts from their cybersecurity initiatives, a sign that the sector is maturing, says security expert Axel Wirth, discussing findings of a new study by HIMSS Analytics and Symantec.

Based on the feedback it received, the Office of the National Coordinator for Health IT will consider making tweaks to its proposed Trusted Exchange Framework and Common Agreement, including provisions related to privacy and security, says ONC's Genevieve Morris.

Bringing identity and access management to the next level and investigating the potential that blockchain offers to improve the management of device IDs are among the priority security projects at Sentara Healthcare, an integrated delivery system serving Virginia and North Carolina, says CISO Daniel Bowden.

In an age when every organization is essentially borderless, how do security leaders approach securing the borderless network? Paul Martini of iboss Cybersecurity offers insights and solutions.

Although more organizations are adopting cloud access security broker technology, CASB policy templates and runbooks, as well as best practices, are still evolving, says Rohit Gupta, group vice president for cloud security products at Oracle Corp.

When working with cloud service providers, healthcare organizations must take responsibility for security practices rather than relying on the vendor, says Sonia Arista, a security consultant who formerly was CISO at Tufts Medical Center. She's a featured speaker at the HIMSS18 conference.

To keep up with the ever-evolving cyberthreat landscape, healthcare organizations must combine basic security principles with advanced technologies, Kristopher Kusche, CISO at Albany Medical Center, says in an interview at the HIMSS18 conference.

User behavior analytics and data loss prevention tools are among the most promising yet underutilized or improperly implemented security technologies in healthcare, says security consultant Mark Dill, formerly of the Cleveland Clinic, a featured speaker at the HIMSS18 conference.

Many banking institutions boast of being "digital first" and enabling "omnichannel banking." But are they fully aware of the new fraud risks they also are inviting? Kimberly Sutherland and Kimberly White of LexisNexis Risk Solutions discuss how to mitigate omnichannel fraud.