Government Information Security Podcast

In the face of relentless cyberattacks that threaten patient safety, hospitals must strengthen their resilience, with clinical continuity, secure backups and coordinated recovery emerging as critical strategies, said John Riggi of the American Hospital Association and Josh Howell of Rubrik.

As cyberthreats increase and evolve, the security of sensitive data and critical operations is paramount. There is a pressing need for government agencies and critical infrastructure to choose a FedRAMP-authorized identity security, also known as identity governance, solution.

Two years after President Joe Biden's landmark cybersecurity executive order, the question remains: How are federal agencies adapting to the new focus on zero trust and identity governance? SailPoint's Frank Briguglio tackles this question with crucial insights into the state of cybersecurity today.

Proposed changes to the HIPAA Privacy Rule could weaken patient data privacy protections, say Rita Bowen and Zachary Perry of the Association of Health Information Outsourcing Services, who explain why in this joint interview.

As the healthcare sector works to provide patients with secure access to their health information via smartphones and other devices, it must address critical identity and trust issues, says DirectTrust president and CEO Scott Stuewe.

In May, new medical device regulations, including cybersecurity requirements, will take effect in the European Union. How do they compare with requirements in the U.S.? Attorneys Kim Roberts and Adam Solander offer an analysis.

How might a national unique patient identifier improve the accuracy of patient record matching and potentially help address identity fraud? Julie Dooling of the American Healthcare Information Management Association - which has been lobbying for the development of such an ID - makes the case.

Government entities struggle not just to measure the effectiveness of their cybersecurity controls, but also how their metrics align to the agency's unique mission. Matt Alderman and John Chirhart of Tenable Network Security offer advice.

As the Department of Health and Human Services gears up for its second round of HIPAA compliance audits, the focus will shift to using these audits for potential enforcement actions, including financial settlements, predicts attorney Anna Spencer.

In an exclusive interview, Harris Health System CISO Jeffrey Vinson explains how his team is spearheading an effort to help the federal government and the healthcare industry improve cyber threat intelligence sharing.

The healthcare cyber threat landscape will become even more menacing next year, while a shortage of cybersecurity resources will make dealing with those challenges increasingly difficult, predicts Charles Christian, chairman of CHIME.

The Big Data explosion will expand in volume, velocity and variety. Analytics are key to deriving insights from this data, particularly in cybersecurity and anti-fraud, says Dominic Ligot of Teradata Philippines.

Federal regulators will likely announce a number of eye-popping financial settlements for HIPAA violations later this year as a result of breach investigations, predicts privacy attorney Adam Greene.

Texas Chief Information Security Officer Brian Engle, like other CISOs, has voiced concerns that the state government didn't have sufficient staffers and managers with the right set of IT security skills. Engle, however, did something about it.

U.S. President Barack Obama's visit to India this month may prove to be the fulcrum for a new era of Indo-U.S. cyber cooperation and collaboration, says Bruce McConnell, senior vice president at the EastWest Institute.

Tripwire CTO Dwayne Melancon, a keen observer of risk management practices in the federal government, says he's seen a marked improvement in the way federal agencies address risk management, partly because of efforts by DHS.

The Food and Drug Administration's Suzanne Schwartz, M.D., is on a mission to debunk the myth that medical device manufacturers need FDA approval for software updates or patches to address potential vulnerabilities.

To address the reluctance of federal agencies to move sensitive data to the cloud, the former CISO at the Nuclear Regulatory Commission, Patrick Howard, and his colleague, Michael Rohde, champion a FedRAMP workaround.

Enabling the secure sharing of patient data is a key aspect of work under way to modernize the Department of Veterans Affair's VistA electronic health record system, says Jim Traficant of ASM Research, which is leading an infrastructure project.

Florida's recent rollout of knowledge-based authentication in the application process for various benefits programs, including Medicaid, is already helping to crack down on ID theft and fraud, says Andrew McClenahan, who heads the effort.

Making senior management aware of the risks involved in failing to invest in security technology is essential to getting buy-in, says Phil Curran, CISO at Cooper University Health Care.

Security analyst Doug Mackey says his discovery of a vulnerability in the Department of Veterans Affairs' VistA electronic health record system highlights the importance of software security testing.

Researchers have a new option for securely accessing more than 400 billion federal healthcare records via a virtual data center, says Niall Brennan of the Centers for Medicare and Medicaid Services.

From a risk management perspective, the federal HealthCare.gov website should be shut down until its technical problems are fixed and end-to-end security testing is completed, says consumer advocate Christopher Rasmussen.

Curt Kwak, CIO of the Washington state health insurance exchange, explains the steps his team took to help ensure the launch went relatively smoothly, paving the way for thousands to sign up for insurance.

Attorney Maureen Ruane, who has prosecuted dozens of healthcare fraud cases, explains how the rollout of electronic health record systems at hospitals and clinics is creating new potential opportunities for fraud.

As healthcare organizations ramp up HIPAA compliance efforts, they should make far greater use of guidance from the National Institute of Standards and Technology, says security consultant Mac McMillan.

The resumption of the HIPAA compliance audit program is on hold while regulators analyze pilot audit project results and implement the HIPAA Omnibus Rule, says Susan McAndrew of the HHS Office for Civil Rights.

Susan McAndrew of the HHS Office for Civil Rights offers a detailed analysis of the final omnibus rule, which extensively modifies HIPAA and provides new guidance about when to report a breach.

An important lesson in the aftermath of Superstorm Sandy is the need to beef up contingency plans, including making sure staff members are cross-trained, says Deborah Kobza, CEO of the National Health Information Sharing and Analysis Center.

In creating its mobile-device policy, the city of Honolulu allows its agency heads to tailor policy to meet their individual needs, Honolulu Chief Information Officer Gordon Bruce says.

Too many organizations misunderstand exactly what continuous monitoring is, says Centrify's Matt Hur, who offers insights on how to deploy continuous monitoring solutions for the best results.

The Office of the National Coordinator for Health IT is studying use of mobile devices in small healthcare environments. The goal: new mobile security guidance that will be released in 2013.

A two-year-old California law requires each of some 120 state agencies to have an information security officer, but not every agency ISO is well-versed in IT security.

The House is getting ready to vote on a slew of cybersecurity bills, and the Center for Strategic and International Studies' James Lewis provides the skinny on the measures and their chances of passage.

This year's HIPAA compliance audit program will come up somewhat short of the target of 150 audits, says Leon Rodriguez, the nation's lead HIPAA enforcer.

From mobile malware to the Anonymous hacktivist attacks, how can organizations tackle the changing threat landscape? In an RSA Conference preview, Joe Rogalski of First Niagara Bank shares ideas.

"Literally, in my entire time working in the privacy field, I've never seen such profound and aggressive activity by the government in the privacy space," privacy expert Thomas Oscherwitz says.

This week's top news and views: Cyber reforms vanish, State Department creates cyber issues post, why risk management is hot and less stress during social media blackout. Don't miss our audio week-in-review podcast by Executive Editor Eric Chabrow

A new White House plan to reform how the feds manage IT should not only drive efficiencies but help secure digital assets, says Tim Young, former Office of Management and Budget deputy administrator for e-government and IT.

Cybersecurity reform stopped in the Senate, White House unveils new way to manage federal IT that emphasizes cloud computing and data consolidation and tips on preventing a WikiLeaks-style breach.

"We use the Social Security number in every aspect, both mundane and sensitive," says Conti, coauthor of a report on the military's use of personal identifiable information. "It's everywhere, so we're courting disaster in how we us it."

The identity credential is evolving, and the newest iteration is the electronic driver's license, which could revolutionize how we verify identity in both the real and virtual worlds.

Impact of the WikiLeak leaks, infosec spending rise, Delaware's CSO.

Delaware's Department of Technology and Information is one of only two state departments in which all employees aren't protected by civil service, and state CSO Elayne Starkey says that approach attracts high-caliber infosec professionals.

Here's the top news and views for the past month: Navy gets new CIO, Cleveland Federal Reserve hacked, new GOP IT security leader praised, hackers next target could be the car.

One of the more intriguing tradeoffs with information security is green IT, says Robert Brammer, Northrop Grumman Information Systems vice president of advance technology.

This week's top news and views: Congress returns to Washington, but few see passage of cybersecurity legislation and a call for CISOs to take the lead in helping transform state government. And don't miss our audio week-in-review podcast by Executive Editor Eric Chabrow.

This week's top news and views: automobiles as potential hackers' target, unrealistic expectations for cyber awareness training and Social Security Administration faulted on lax IT security enforcement.

Gemalto's Ksheerabdhi Krishna on Physical-Virtual Synergies