In February, CVS was ordered to pay a fine of 2.5 million dollars by the FTC. This fine was because their employees threw out personal information about patients. Who knew poor recycling programs could cost so much? HIPAA has been around for a number of years, but not until recently did we see that it has teeth and that companies are going to be held accountable. CVS has to have an assessment every other year now for 20 years. And assessments are not cheap! Assessments based on the Security Rule cover many areas of technology controls such as firewall protection, antivirus, encryption, vulnerability scanning and much more. I am sure conducting an assessment rather than getting fines would have been much cheaper for CVS.
The definition of a Covered Entity for HIPAA compliance really reaches out to more companies than just hospitals and doctors' offices. Not only will companies like CVS get fined, but business partners of hospitals and doctors' offices storing patient data will be in trouble if they do not conduct Risk Assessments.
There are a number of ways to conduct these assessments, make them practical and stay out of trouble with “The Man”. One company that is pretty helpful in this regard is RiskWatch, http://www.riskwatch.com. Their software allows you to conduct HIPAA, PCI, Red Flag Rule and other types of assessments.
For security professionals, these regulations provide a strong incentive for companies to get their act together regarding privacy and security of data. It's unfortunate they have to be fined first to get the ball rolling. But hopefully, more will take a proactive stance, not only for compliance but also to get an ongoing security program in place.
Regards
Gary Bahadur
http://www.kraasecurity.com
http://blog.kraasecurity.com
http://twitter.com/kraasecurity
*Managed Security Services
*Vulnerability Management
*Compliance & Policy Development
*PGP Security
*FREE Website Security Test
Showing posts with label Managed Security. Show all posts
Monday, July 20, 2009
Friday, May 1, 2009
Encrypt Your Laptops to Safeguard Information
With the advancement of technology come its disadvantages as well. As technology improves, the number of thefts and the amount of fraud activity are on the rise. Hearing about stolen laptops has now become a normal news story. Companies usually store their data on their systems or laptops and forget to keep a backup copy of that data or even to encrypt it. This data includes all information regarding the employees of the company, business clients and the valued customers of the company. Recently, Oklahoma’s Department of Human Services (DHS) reported that an unencrypted laptop containing information regarding millions of customers was stolen by an employee of the agency. The laptop contained all their important information regarding their complete background as well as their social security numbers, though the agency is somewhat sure about the safety of the data as the laptop was protected by a password.
The personal data stored on the laptop should be on an encrypted share or drive, i.e., it needs to be stored in a way that no one other than the assigned person can get access to this highly valuable data. You may have highly confidential details that should not be disclosed. Customers share their information on the understanding that, as per the guidelines of the company, the data will be safe within the company only.
There have been many laptop thefts reported by many reputable companies. The laptops containing sensitive information get stolen, posing a security threat to the company. Whether the customer data on the laptop is for one customer or one hundred, it can have a very damaging effect on the company and the customers. In most cases, the records number in the thousands or even millions. It is not as though only one or a hundred clients are associated with the company; the client base encompasses a mass of millions of people, and it certainly involves huge risks if they face any security breach.
There are many ways to ensure the safety of the data even if the laptop gets stolen. First of all, it should be encrypted with the PGP Encryption system, which helps in protecting all the data by offering various encryption applications. the chances of growth and profitability of any company. Automated patch management is another way of keeping your laptop's sensitive information safe. Firewall protection is also necessary for protecting your laptop against harmful attacks or when surfing suspicious sites. To keep it safer, you should also protect your hard disk with a password, as it makes the cracking very tough for the fraudsters.
So, it is better to take some measures beforehand, rather than facing such risks in the future. These are easily available tools that need to be used by every organization so as to maintain their clients and growth.
An expert with the knowledge of Application Security Risk Assessment has written this article.
Tuesday, March 17, 2009
More Hacking Fun
Just another hacker story from New Zealand. The interesting thing is that with all the data stolen from the online forms for credit card applications, the theft provides a great way to open legit credit cards somewhere else. So how do you stop legitimate applications from going through now? You have to love the "2 years of free credit monitoring" that all the hacked companies give you.
Hackers steal Shell customer information
Tue, 17 Mar 2009 10:17a.m.
Online hackers have stolen personal information from almost 6000 Shell customers in New Zealand and Australia. Shell spokeswoman Jackie Maitland confirmed to NZPA today that 1400 New Zealand customers were affected and another 4500 in Australia.
Both the New Zealand police e-crimes unit and the Queensland police were investigating.
Ms Maitland said the information obtained by the hackers was contained in online application forms for a Shell fuel card.
Gary Bahadur
KRAA Security
info@kraasecurity.com
www.kraasecurity.com
Managed Security and Consulting Services
Managed Firewall
Managed IDS
Managed Email
Labels:
Credit Card Theft,
Hacking,
IDS,
Managed Security