Posts Tagged ‘cyber risk’

Message sent and received: First HIPAA settlement involving a business associate – a cautionary tale

The math is eye-opening — a $650,000 settlement for a breach affecting 412 people. In the first HIPAA settlement involving a “business associate,” HHS’s Office of Civil Rights (OCR) has sent a strong message to all business associates about the importance of complying with HIPAA’s privacy and security rules.

Catholic Health Care Services of the Archdiocese of Philadelphia (CHCS), a non-profit organization that provides management and information technology services to skilled nursing facilities, is a business associate under HIPAA because it performed certain services using protected health information (PHI) on behalf of a HIPAA “covered entity” (a description of covered entities is here and a description of business associates is here). In 2014 a smartphone provided by CHCS to an employee was stolen. The smartphone had PHI of 412 patients and was neither encrypted nor password-protected.

Latest cyber news: Data breach at top hospital MGH


Your weakest cyber security leak may be outside your own network. In another demonstration of how an organization can face significant financial and reputational exposure from another’s failure of cyber security, Massachusetts General Hospital announced this week that one of its vendors suffered a cyber breach — on the vendor’s own network — that exposed more than 4,000 records of MGH patients. Some of the compromised information may have included patient names, dates of birth and Social Security numbers.

Scammers are phishing for tax refunds

At least a dozen companies have recently been tricked into sending employees’ W-2 Forms to unknown third parties in response to email requests that appeared to be from others within the corporate network. The immediate goal of the scammers is apparently to file fraudulent tax returns in the name of the victims and seek large refunds. W-2s contain almost all the information they need.

Tax refund fraud is a growth business. The FTC has indicated that such fraud is largely responsible for last year’s dramatic increase (nearly 50%) in complaints of consumer identity fraud. Scammers seeking fraudulent tax refunds even stole sensitive data of about 330,000 people from the IRS’s own website.

Wyndham settlement validates FTC authority in cyber security

The very well-known Wyndham Hotel and Resorts data breach is once again in the news. This time the company has agreed to settle with the Federal Trade Commission (FTC). In 2014, the payment card information (PCI) data of thousands of customers was hacked in three separate instances due to poor cyber security. With this settlement, Wyndham has agreed to develop a sophisticated data security program that will protect PCI and other payment methods while also conducting annual audits to ensure the safety of customer information.

According to the FTC’s press release, the hotel chain must institute secure networks so hackers cannot gain access again. In addition, Wyndham is required to perform formal risk assessment procedures with a certified auditor. These two measures have been put in place to minimize the possibility of any future hacks.

Examining the rewards and risks of wearable tech

July 28, 2015

The important role of technology in our daily lives continues to grow and is now being fueled by the development of smaller, more personal devices. Wearable technology consists of small electronic devices designed to track and collect data for various purposes – ranging from smart watches and fitness monitors to full desktop experiences offered by smart glasses. According to a PwC report entitled The Wearable Future, twenty percent of Americans already own a wearable device and this number is expected to rise, with most users utilizing these devices to record exercise efficiency (81%), track dietary and medical info (71%), and receive notifications on deals on retail purchases (51%).

The market for wearable tech is expected to expand with a jump from $5 billion in 2014 to over an estimated $12 billion by 2018, according to Statista. There is no denying the significant influence these wearable devices have on how we live and work; however, as is the case with many forward-thinking innovations, along with the rewards of advancement also come some risks.

Marital affair website demonstrates new dimensions of personal data risk

Cyber risk for most organizations has a focus on the personal data of customers. Primarily this means social security numbers, date of birth, address, credit card numbers and the like. All of that is bad enough when lost in connection with a data breach, but companies must now also be aware of growing threats of cyber extortion schemes.

The recent announcement that Ashley Madison, the marital-affair-promoting website, has been hacked and subjected to extortion takes these problems to a new level. Disapproving hackers have told Ashley Madison to shut down the site or the extortionists will release customer data. Reports say that despite Ashley Madison’s policy that private data can be scrubbed from the site for $19, the data is still available to hackers. The motives of the hackers are still unclear, but what is unusual is that it is not a demand for money.

The New York Stock Exchange network crash — a false sense of (cyber) security?

Most people were relieved when investigators determined that the recent electronic disruptions at the New York Stock Exchange and United Airlines were caused by internal glitches and not by hackers. The NYSE system crash, caused by a faulty software upgrade, and the United Airlines outage, caused by a faulty router, received great attention as pictures of (and tweets by) idle traders and travelers appeared seemingly everywhere.

Because they involved computers and networks, these outages were discussed by the media with the vocabulary normally used to describe “cyber” events. That’s not surprising, given the initial fear that the NYSE crash in particular was caused by hacking.