Breach announcements / Cybersecurity

Raising the stakes by lowering them

The HIPAA Security Rule’s most significant flaw was on display recently. Hospice of Northern Idaho (HONI) has settled with the Federal Government for $50,000 to close out the case of a stolen unencrypted laptop that had the electronic protected health information of 441 patients on it. Media attention focused on the fact that this was the …

Breach announcements / Cybersecurity

How stupid do they have to be?

Relying on people to be dumb is not an effective control. “Won’t” is not the same as “can’t” and never will be. But it is used all the time to justify controls and to assume that lost records are somehow “safe”. Consider the “users are dumb” argument. It comes up when you find weak application security. By the …