Explore the benefits and risks of AI in healthcare, with insights on how GenAI tools can improve threat detection and patient data protection, if used accurately and securely.
Celebrate HIPAA's 28th anniversary with a reflection on its impact, history, benefits, and the ongoing need for improvements in healthcare data privacy and security.
Discover essential insights into database management and security with this free excerpt from Dr. M.E. Kabay's book, The Expert in the Next Office. Learn about the risks of misconfigured databases and why security professionals should understand DB management systems.
AI is being used much more frequently, and in new and unexpected ways, to not only launch social engineering attacks, but also to facilitate many new types of cyberattacks. In addition to research I've done in this area, one of our other Privacy & Security Brainiacs team members, Noah Herold, has also done research for how AI is being used for social engineering and other cybercrime tactics.
Calls impersonating/spoofing others are becoming harder to spot as technology advances, and as artificial intelligence (AI) tools are able to audibly sound just like the legitimate person they are claiming to be. It makes it important for you (and your family, friends and customers) to keep awareness high.
We have a medium-sized hospital, with seven clinics, telehealth and mobile (including home visits) healthcare services. Different vendors are giving us conflicting information about the requirements for HIPAA physical safeguards. Some vendors have told us that physical safeguards only apply to using locks and cameras on our hospital building. Others said other things. Can you help us understand what HIPAA actually requires to meet their physical safeguard requirements?
Listen in to hear my riveting conversation with Christine Abruzzi, a cybersecurity expert with 30 years of experience, and owner of Cacapon Cyber Solutions, describing her current real-life experiences in helping a family member who is an identity theft victim.
Many types of "smart" internet-of-things (IoT) wirelessly-connected jewelry have popped up in recent years. We even answered a question about the Oura Ring, in our August issue. But, is this jewelry, meant to provide safety alerts, privacy-friendly, and cyber-secure?
Because of the complexity of the IoT products, there are many security and privacy vulnerabilities within IoT products. And so they are also a favorite target of cybercrooks, cyber snoops, and others who want to know how, when and where you're using your IoT products.
In our Privacy Professor January Tips of the Month, one of the privacy beacons we highlighted was the "Cover Your Tracks" website from the Electronic Frontier Foundation (EFF). Here are the results of our testing with this website.
Many of our Privacy and Security Brainiacs and Privacy Professor consultancy clients have asked for a simple description of the Log4j problems they've seen so much about in the news lately. Here are some key facts and advice we've provided to them.
What encryption solution businesses use? Every type of organization will typically each need to use at least two, but usually more, types of encryption solutions to meet their needs. Why? Because each organization needs to encrypt personal data, sensitive data, and a wide range of other types of regulated data, wherever the data is collected, stored, or transmitted.
2020 was a wakeup call for more than healthcare pandemic preparedness. It also exposed some huge security and privacy vulnerabilities, that many cybercrooks have exploited thousands of times throughout the year, for remote workers; both those work-from-home (WFH) employees, along with those mobile workers who have largely been going under the CISOs' and information security departments' radars for the past two to three decades. Will cybersecurity and privacy pros heed the lessons learned from the awakening?
In my previous blog post, I described how one of my monthly Privacy Professor Tips readers recently sent me a question about some unusual coincidences where it seemed that home conversations and activities were then known and discussed by workers. When working from home, or mobile working while traveling, it is important to remember that cybercrooks and business competition are actively exploiting the vulnerabilities that are present in most home offices, hotels, restaurants, airports, and a long list of other locations where remote work occurs.
With what may be the majority of office workers throughout the world now working from home, cybercrooks and business competition are actively exploiting the vulnerabilities that are present in most home offices. This series of blog posts focus on fours ways in which digital spies enter home office areas, and some information security and privacy protections you can put in place to shut the holes in the digital pathways created into your organization through working from home office areas. Part 1 provides an overview of digital spies coming through IOT devices.
There will come the inevitable day when your organization will need to make a privacy breach notice. Will you be prepared and know what to do when this day comes?
All organizations need to identify and document all the outsourced and contracted entities that possess or otherwise access their information, in all forms. Here are some reasons why.
With the preponderance of people now taking photos and videos with their phones as part of their standard daily activities, the number of situations where healthcare workers are capturing images and posting on their Instagram, Facebook and other social media sites is dramatically increasing. What does this mean for compliance with the HIPPA Privacy Rule?
Is it a HIPAA violation to call out a patient's full name in the waiting room? What factors go into deciding whether something like this is a HIPAA violation? The Privacy Professor Explains.
A right to audit clause is a good idea for all types of organizations, of all sizes, not only as a way to demonstrate due care, about also to to be proactive in preventing privacy breaches and security incidents. Here are the top reasons why you should have right to audit clauses within business partner contracts.
Eddie Tipton, an information security officer, was able to successfully rig the Hot Lotto random number generator and commit the largest lottery fraud in US History. How did he do it? The Privacy Professor explains.
During my work with a wide range of small to large organizations, in a wide range of industries, I've found there are some common reasons why encryption is not implemented. Here are the top four I've run across.