Why HIPAA Policies and Procedures are not copy and paste
Compliance from Dr. Google is a very bad idea. Searching for HIPAA Security Rule compliance yields about 1.8Million hits on Google. Some of the information is outdated and does not relate to the Final Rule and a good deal of other information is sponsored by service providers and technology companies selling silver bullets for HIPAA compliance. The […]
Why the Clinton data leaks matter
In the middle of a US Presidential election that will certainly become more contrast-focused (as politically correct Americans like to call mud-slinging), the Clinton data leaks are interesting and also worth investigation for their longer-term impact on the US economy, Shaky ethics versus data protection A friend who is a political science professor told me that […]
3 things a medical device vendor must do for security incident response
You are VP R&D or CEO or regulatory and compliance officer at a medical device company. Your medical devices measure something (blood sugar, urine analysis, facial anomalies, you name it…). The medical device interfaces to a mobile app that provides a User Interface and transfers patient data to a cloud application using RESTful services over HTTPS. Sound familiar? […]
Dealing with DLP and privacy
Dealing with DLP and privacy It’s a long hot summer here in the Middle East and with 2/3 of the office out on vacation, you have some time to reflect on data security. Or on the humidity. Or on a cold beer. Maybe you are working on building a business case for DLP technology like Websense or Symantec or Verdasys, or Mcafee or Fidelis in […]
It’s friends and family breaching patient privacy – not Estonian hackers.
A 2011 HIPAA patient privacy violation in Canada, where an imaging technician accessed the medical records of her ex-husband’s girlfriend is illustrative of unauthorized disclosure of patient information by authorized people. Data leakage of ePHI (electronic protected health information) in hospitals is rampant simply because a) there is a lot of it floating around and […]
How to protect your personal information from medical data theft
Private, personal information can be bought and sold on the black market for as little as fifty cents to a dollar, according to a report from Fox Business. But personal medical information can go for much higher prices, creating a market for criminals looking to defraud insurance companies of exorbitant sums of money. Overall, about $40 […]
Kick start your European privacy compliance
The CNIL’s Sanctions Committee issues a 150 000 € monetary penalty to GOOGLE Inc. On 3 January 2014, the CNIL’s Sanctions Committee issued a 150 000 € monetary penalty to GOOGLE Inc. upon considering that the privacy policy implemented since 1 March 2012 does not comply with the French Data Protection Act. It ordered the company […]
Is Your Small Business Safe From Cyberattacks?
Of the 855 data breaches Verizon examined in its 2012 Data Breach Investigations Study, 71 percent occurred at businesses with fewer than 100 employees. The Association of Certified Fraud Examiner finds the median small business loss due to fraud to be $200,000. These losses can be prevented with better protection and more knowledge about fraud […]
The dangers of default passwords – 37% of Data Breaches Found to be Malicious Attacks
A malicious attack by malware or spear phishing on valuable data assets like PHI (protected health information) exploits known vulnerabilities and one of the most common vulnerabilities in medical devices and healthcare IT systems is default passwords. “Researchers Billy Rios and Terry McCorkle of Cylance have reported a hard-coded password vulnerability affecting a wide variety of […]
Are passwords dead?
A recent article on CSO online ponders the question of whether or not passwords are dead – since they are not much of a security countermeasure anyhow (or so the article intimates). The article quotes a person who seems to believe that SQL injection attacks have to do with password security. Christopher Frenz, CTO at […]
