Blog

Data-Centric Approach Starves Data-Hungry Cybercriminals
Data breach Insider threat Privacy

According to a slideshow recently published in IT Business Edge, breaches within healthcare organizations hit an all-time high in 2015. With healthcare records growing in value, cybercriminals have realized they can get a quick payout by hacking this confidential information and selling it to other malicious actors or groups.

Healthcare organizations have become easy targets because they tend to place more emphasis on compliance than on important security measures. Meeting the letter of the law does not mean you are safe and secure. Imagine if your doctor only did the bare minimum during surgery to make sure you complied with a textbook procedure, rather than actually finishing the job.

Concerned about Print Security?
Data breach Data security Insider threat Print security Privacy

Information security is a tough business. As technologies evolve and businesses seek to use technology advancements as a competitive edge to be more productive, more efficient and to provide better service to their customers, the bad guys are also innovating with more ingenious ways to get at valuable digital business information. Security postures are often re-evaluated to add new layers of technologies to deal with new and existing threat gaps. As this process dynamically takes place, one area that often does not get enough attention is printing – processes, workflows and the security around it.

EU-US Privacy Shield and the Future of Data Protection
Data breach Insider threat Privacy

The European Commission adopted the EU-US Privacy Shield on July 12, 2016 as a replacement for the Safe Harbor rules that were overturned by the European Court of Justice in October 2015. This new framework protects the fundamental rights of anyone in the EU whose personal data is transferred to the United States and brings legal clarity for businesses relying on transatlantic data transfers.

The new EU-US Privacy Shield is an example of stronger privacy and security frameworks that affect US and European businesses as they collect, manage and share personal data.  Ensuring the security of personal information, no matter its location, is no longer a technology issue.  This is a business and trade issue.  If I am a US company and want to do business online or in person with businesses and citizens of the EU, I must guarantee that sensitive personal data is always under my control and that only authorized people can access it.

Seven Employees at ProMedica Hospitals Breach Patient Information
Data breach Data security Insider threat Privacy

Recently ProMedica Bixby and Herrick Hospitals contacted 3,472 patients informing them that their private medical records had been improperly accessed by seven employees. As is standard practice with the breach of patient information, patients received letters from ProMedica explaining the situation, the hospital’s action plan to prevent additional breaches and offering a full year of free credit protection monitoring. The hospital also reported this incident of an insider threat to the U.S. Department of Health and Human Services.

The breach was discovered on April 7, 2016.  An internal investigation revealed that seven employees accessed patient medical records for patients they were not treating, without a valid business or clinical reason between May 1, 2014 and April 26, 2016. The information accessed included the patient’s full name, address, phone number, date of birth, insurance, diagnosis, medications and other clinical information. ProMedica commented that it did not appear that the employees intended to retain or use the information accessed, but could not verify it.  Not being able to verify intent or access is a major problem with sensitive information.

FDIC is Adding Digital Rights Management to Arsenal for Data-Centric Security
Data breach Data security Insider threat Privacy

On Thursday May 12, 2016, the Congressional Subcommittee on Science, Space and Technology held a special hearing in Room 2318 of the Rayburn House Office Building. The hearing addressed whether Americans can trust that their private banking information is secure when relying on the Federal Deposit Insurance Corporation (FDIC).

During the session, lawmakers stated that the FDIC has a long history of cyber-security incidents and that it is failing to safeguard private banking information of millions of Americans who rely on the FDIC.

In the last seven months alone, seven departing employees at the FDIC have left with personal banking information on thumb drives and other removable media.

While Lawrence Gross Jr., the FDIC’s CIO, told lawmakers that the FDIC considered the data breaches “inadvertent” copying of personal banking information that happened when departing employees were copying personal information to removable media, some lawmakers called taking something that does not belong to employees “theft”.

Healthcare Data Breach – Unauthorized Access for Seven Years
Data breach Data security Insider threat Mobile security Print security Privacy

UnityPoint Health-Allen Hospital has made the news very recently as one of the latest healthcare environments that had a data breach. While on the surface this news appears to be just another healthcare data breach, there is something very different about it; the breach occurred over a span of seven years and was only recently discovered and reported.

A “former employee” accessed 1,620 patient records that contained personal information and may have seen patients’ names, home addresses, dates of birth, medical and health insurance account numbers, and health information related to their treatments.

The Allen Hospital compliance team detected inappropriate access that started in September 2009 and ended in March 2016.  They started a review that resulted in the notification of the breach to the U.S. Department of Health and Human Services and impacted patients.

Why was this inappropriate access not immediately detected with all the technology in place to ensure HIPAA compliance?  What was missing?

Blueprint for Healthcare Data Protection
Data breach Data security Privacy

Protected Health Information (PHI) security and patient privacy are major areas of concern for today’s health care providers, insurers, and their business partners. With each passing month, we are witnessing major new data breach incidents in the news that continually increase the number of individuals whose PHI is exposed.

Protected Health Information is an attractive target for the bad guys for several reasons. Significant amounts of personal information in health records have a very long lifespan, and most information contained in them cannot be easily changed. Unlike credit cards, information like social security numbers, addresses, illness information and treatments can’t be disabled or replaced with ease. The information has significantly more value, retains its value over time, is poorly secured and, on top of that, cannot be disabled once it is breached, at least with the technologies currently used in most healthcare environments. As the market rushed to digitize health records under the auspices of improved care, not much care was given to developing and implementing the type of information security protocols needed to truly protect this information. So, hackers were led to target protected health information (PHI) for big paybacks.

Strengthen Your Security On World Password Day 2016
Data breach Data security Privacy

Today is World Password Day 2016 and it’s a great time to take a look at how you use, manage and protect your work and online identity. Many of the data breaches you read about in the headlines, like the recent Reuters breach, are the results of exposed or compromised passwords. While better identity and authentication systems exist using biometrics, OAuth, OpenID and others, most systems still rely on the good old password for access.

If you have to use passwords, you need to make them harder to guess and compromise. Numerous studies over the past few years by Verizon and others show that about 90 percent of successful data breaches started with a weak or default password. With a little ingenuity people can guess weak passwords, especially when you use a default password, like “admin” or something simple like “123456”. The challenge we all have is to make passwords harder to compromise, but still easy for you to remember.

Data-Centric Security in the Boardroom
Data breach Data security Mobile security Print security Privacy Secure collaboration

With so many high profile data breaches in the public eye recently, cyber security is now front and center in many organizations. Globally, cyber attacks and data leaks are daily threats to organizations, reminding everyone that we are all potential targets. Attorneys are warning about potential individual liability for corporate directors who do not take appropriate responsibility for oversight of cyber security, while investors and regulators are pushing boards to step up their oversight. As a result, corporate boards have woken up to the call that they must address cyber security issues on their front lines, as it is no longer just an Information Technology issue.

Big Data and Data Analytics Need Data-Centric Security
Data breach Data security Privacy

Big Data and Data Analytics are changing the way the world uses business information. The amount of data that’s created and stored daily on a global level is almost inconceivable, and with each passing hour the data grows at an amazing pace. Everything from the most trivial details of our personal lives to highly sensitive information at work is now stored and catalogued. While businesses look for ways to leverage, manage and derive insight from this vast amount of information, they also need to think hard about satisfying privacy, security and compliance all at once. This is not a trivial job, and many businesses struggle when attempting to roll Big Data and Data Analytics into a production enterprise scenario.