HIPAA Compliance | Breaking Cybersecurity News | The Hacker News

Investing in digital identity can improve security, increase clinical productivity, and boost healthcare's bottom line.  —  b y Gus Malezis, CEO of Imprivata Digitalization has created immeasurable opportunities for businesses over the past two decades. But the growth of hybrid work and expansion of Internet of Things (IoT) has outpaced traditional 'castle and moat' cybersecurity, introducing unprecedented vulnerabilities, especially in the healthcare industry. Although all organizations have important data to secure, healthcare holds some of the public's most sensitive personal health information (PHI) – not to mention insurance and financial data, as well.  We all expect this information to be secured and protected, especially with HIPAA laws in place. However, due to increasing IT fragmentation and the growing sophistication of cyberattacks, this is no longer guaranteed. In fact, the number of individuals affected by health data breaches in the U.S. since 2009 is ...

Okta, a company that provides identity and access management services, disclosed on Wednesday that some of its source code repositories were accessed in an unauthorized manner earlier this month. "There is no impact to any customers, including any HIPAA, FedRAMP, or DoD customers," the company  said  in a public statement. "No action is required by customers." The security event, which was  first reported  by Bleeping Computer, involved unidentified threat actors gaining access to the Okta Workforce Identity Cloud ( WIC ) code repositories hosted on GitHub. The access was subsequently abused to copy the source code. The cloud-based identity management platform noted that it was alerted to the incident by Microsoft-owned GitHub in early December 2022. It also emphasized that the breach did not result in unauthorized access to customer data or the Okta service. Upon discovering the lapse, Okta said it placed temporary restrictions on repository access and that i...

In cybersecurity, confidence is a double-edged sword. Organizations often operate under a false sense of security , believing that patched vulnerabilities, up-to-date tools, polished dashboards, and glowing risk scores guarantee safety. The reality is a bit of a different story. In the real world, checking the right boxes doesn't equal being secure. As Sun Tzu warned, "Strategy without tactics is the slowest route to victory. Tactics without strategy is the noise before defeat." Two and a half millennia later, the concept still holds: your organization's cybersecurity defenses must be strategically validated under real-world conditions to ensure your business's very survival. Today, more than ever, you need Adversarial Exposure Validation (AEV) , the essential strategy that's still missing from most security frameworks. The Danger of False Confidence Conventional wisdom suggests that if you've patched known bugs, deployed a stack of well-regarded security tools, and passed the nec...

When dealing with user data, it's essential that we design our password policies around compliance. These policies are defined both internally and externally. While companies uphold their own password standards, outside forces like HIPAA and NIST have a heavy influence. Impacts are defined by industry and one's unique infrastructure. How do IT departments maintain compliance with NIST and HIPAA? We'll discuss each compliance measure and its importance in this article. What is NIST compliance? Defined by the National Institute of Standards and Technology, NIST compliance aims to harden federal systems against cyber-attacks. While the agency is non-regulatory, it  is  part of the U.S. Department of Commerce, which has plenty of influence over government agencies and their contractors. For example, NIST guidelines help agencies  satisfy the requirements of the Federal Information Security Management Act  (FISMA). NIST is instrumental in creating Federal Informatio...