Electronically protected health information (ePHI) has become a target for malicious attack, according to a recent report by Redspin, Inc., a provider of HIPAA risk analysis and IT security assessment services. The report was conducted between August 2009, when the HITECH breach notification interim final rule (IFR) went into effect, and the end of 2010.
The cost of achieving regulatory security compliance is on average $3.5 million each year, according to a survey of 160 individuals leading the IT, privacy and audit efforts at 46 multinational organizations.
Dell today announced it has signed a definitive agreement to acquire SecureWorks® Inc., a globally recognized provider of information-security services. SecureWorks’ industry-leading Security-as-a-Service solutions include Managed-Security Services, Security and Risk Consulting Services and Threat Intelligence. The acquisition expands Dell’s global IT-as-a-Service offerings and information security expertise.
The National Institute of Standards and Technology has released a draft of its guidelines for implementing enterprisewide information risk management. The document defines the underlying principles for implementing the Federal Information Security Management Act.
On the heels of Forrester’s GRC Market Overview last month, this week we published my Governance, Risk, And Compliance Predictions: 2011 And Beyond report. Based on our research with GRC vendors, buyers, and users, this paper highlights the aggressive regulatory environment and greater attention to risk management as drivers for change.
The key revisions cover areas such as log management and scoping the environment to understand where cardholders reside. There were also revisions meant to enable organizations to develop a risk-based assessment approach based on their specific business circumstances as well as changes designed to appeal to small merchants to simplify their compliance efforts.
The names, addresses and some health information of 280,000 Medicaid enrollees in Pennsylvania could be at risk after two affiliated managed care organizations reported the loss of a hard drive from a portable computer. The hard drive went missing in the corporate offices of either Philadelphia-based Keystone Mercy Health Plan or Harrisburg-based AmeriHealth Mercy Health Plan, the Philadelphia Inquirer reports. The two companies cover a total of 400,000 Medicaid patients in the state.
If there was any doubt about the popularity of electronic dupery, it should be put to rest with a report on global fraud released this week by the risk management consulting firm Kroll. For the first time since 2007, when the company began putting together its annual survey on crime, electronic fraud surpassed physical scams as the most common form of fraud in the world.
Forrester has launched an online community for security and risk professionals. The community is a place for security and risk professionals to exchange ideas, opinions, and real-world solutions with each other. Forrester analysts will also be part of the community, helping facilitate the discussions and sharing their views.
Research released today makes the damning assertion that, with more than half of all software failing to meet acceptable security levels, 80% of all web applications are at risk of failing a PCI audit.