Archive

Posts Tagged ‘cyber crime’

Message sent and received: First HIPAA settlement involving a business associate – a cautionary tale

The math is eye-opening — a $650,000 settlement for a breach affecting 412 people. In the first HIPAA settlement involving a “business associate,” HHS’s Office of Civil Rights (OCR) has sent a strong message to all business associates about the importance of complying with HIPAA’s privacy and security rules.

Catholic Health Care Services of the Archdiocese of Philadelphia (CHCS), a non-profit organization that provides management and information technology services to skilled nursing facilities, is a business associate under HIPAA because it performed certain services using protected health information (PHI) on behalf of a HIPAA “covered entity” (a description of covered entities is here and a description of business associates is here). In 2014 a smartphone provided by CHCS to an employee was stolen. The smartphone had PHI of 412 patients and was neither encrypted nor password-protected. Read more…

Latest cyber news: Data breach at top hospital MGH


Your weakest cyber security leak may be outside your own network. In another demonstration of how an organization can face significant financial and reputational exposure from another’s failure of cyber security, Massachusetts General Hospital announced this week that one of its vendors suffered a cyber breach — on the vendor’s own network — that exposed more than 4,000 records of MGH patients. Some of the compromised information may have included patient names, dates of birth and Social Security numbers.

Read more…

Emerging encryption matters are the next wave of cyber concerns

In a day and age when hackers are persistently attempting to break into networks, an organization that fails to encrypt its sensitive data is taking a huge risk with both its financial resources and reputation. Unprotected data is a legitimate business problem that is no longer confined to IT, especially when it comes to healthcare organizations where the loss of sensitive unprotected data can result in fraud, identity theft, and stolen financial resources from employees and customers. In these cases the burden or blame ultimately falls upon the most senior executive leaders at an organization. And when it comes to the senior teams knowing their areas of risk, encrypting data and building protections have become the latest concern in evaluating them.  Read more…

The New York Stock Exchange network crash — a false sense of (cyber) security?

Most people were relieved when investigators determined that the recent electronic disruptions at the New York Stock Exchange and United Airlines were caused by internal glitches and not by hackers. The NYSE system crash, caused by a faulty software upgrade, and the United Airlines outage, caused by a faulty router, received great attention as pictures of (and tweets by) idle traders and travelers appeared seemingly everywhere.

Because they involved computers and networks, these outages were discussed by the media with the vocabulary normally used to describe “cyber” events. That’s not surprising, given the initial fear that the NYSE crash in particular was caused by hacking. Read more…

Report cites criminal attacks as primary cause of healthcare data breaches

In the fifth annual Ponemon Institute privacy and security report, cyber attacks were listed as the top cause of healthcare breaches. Officials studied privacy and security trends for healthcare covered entities and their business associates. Over the course of the five years Ponemon has been publishing its annual breach report, criminal activity has grown 125 percent. Officials at the institute discovered 69 percent of healthcare organizations uncovered the breach via an audit or assessment. Forty-four percent were discovered by an employee, while another 30 percent were found after a patient complained.

Ponemon stated, “Historically, the main cause of the data breach was the negligence or incompetence or system glitches within the organization, not necessarily criminal activity. This year, criminal activity was the number one cause.” Forty-five percent of respondents in the report claimed criminal attacks were directly responsible for Read more…

Cyberliability governance – early guidance for corporate directors

When confidential personal or medical information is compromised or a computer network is breached, the event is typically described as a “failure” of data or network security. That is not an attractive characterization in realms where blame is assigned. Facing predicted increases in cyber-related shareholder lawsuits, corporate boards and their legal advisers have sought to determine what corporate directors and officers must do to avoid the personal liability that can result from shareholder claims. In an earlier blog post and white paper, I discussed the changing D&O risks associated with cybersecurity exposures. WGA’s Cyber Risk Hub also has an extensive section on cybersecurity corporate governance. Read more…

Collaboration is the key when it comes to cybersecurity

February 23, 2015

The President, industry leaders, and lawmakers visited the tech-hub of Stanford University earlier this month for an official White House Summit on Cybersecurity and Consumer Protection. The discussions focused on increasing collaboration between the government and the private sector in order to prevent potentially crippling data breaches. The administration hopes that this will encourage Congress to pass cybersecurity legislation. Here are a few key takeaways from the summit:

  1. Cybersecurity is an issue for all sectors of the economy.
    The Identity Theft Resource Center found that 85 million records were exposed last year both in the public and private sectors. Cyber attackers trumped terrorists as the #1 threat to national security last year while data breaches on companies such as Sony Pictures Entertainment, Target, Home Depot, and most recently, insurance giant Anthem Inc., resulted in costly losses.

Read more…