The HIPAA Security Rule’s most significant flaw was on display recently. Hospice of Northern Idaho (HONI) has settled with the Federal Government for $50,000 to close out the case of a stolen unencrypted laptop that had the electronic protected health information of 441 patients on it. Media attention focused on the fact that this was the … Continue reading
Category Archives: Breach announcements
This section looks at how data breaches are announced: call it media/public relations criticism. How much is news, and how much is the organization trying to get the word out to the public? Increasingly, there is a story in the story: how much does the press “run” with the story?
How stupid do they have to be?
Relying on people to be dumb is not an effective control. “Won’t” is not the same as “can’t” and never will be. But it is used all the time to justify controls and to assume that lost records are somehow “safe”. Consider the “users are dumb” argument. It comes up when you find weak application security. By the … Continue reading
Press release pass through– an interesting case
It is always in the best interests of an organization to do certain things when announcing that consumer data has been breached: let the public know what was and was not breached; let the public know that the organization is taking it seriously; give people guidance on what they should do if they suspect they are impacted; assure the … Continue reading
Adequately?
“You keep using that word. I do not think it means what you think it means.” — Inigo Montoya from the movie, The Princess Bride. NASA had a laptop stolen with about 10,000 employee records on it (remember that number 10,000– it comes up below). The laptop was not encrypted. Here is what the NY … Continue reading
Hack on South Carolina data: criminal; act of international cyber terrorism: huh?
[note: the links are no longer active, apologies] In this example, the press takes advantage of recent comments about a “cyber Pearl Harbor” and implies that what looks like a case of identity theft for the purposes of tax and credit card fraud is an international cyber attack on the U.S. by our enemies. The press release … Continue reading