- A brief description of what happened, including the date of the breach and the date of the discovery of the breach, if known
- A description of the types of unsecured PHI that were involved in the breach (i.e., full name, Social Security number, date of birth, home address, account number, diagnosis, or disability code)
- Any steps individuals should take to protect themselves from potential harm resulting from the breach
- A brief description of what the organization is doing to investigate the breach, to mitigate harm to the individuals, and to protect against any further breaches
- Contact procedures for individuals to ask questions or learn additional information, which shall include a toll-free telephone number, an e-mail address, Website, or postal address if appropriate.
Saturday, May 10, 2014
Was this Target's idea or the banks?
Maury Glover reports:
It’s been months since hackers stole the credit and debit card information of millions of Target customers, but the effects are far from over. In fact, thousands of Minnesota credit card numbers are currently for sale.
In the wake of the breach, Target told customers not to cancel their credit cards during the busy holiday shopping season and urged them to monitor their accounts for a year — but Lanterman said that advice just gives hackers time for victims to let their guard down.
“Target’s advice not to cancel the cards actually helped the hackers because once you cancel the cards, the info is worthless,” Lanterman said.
According to Lanterman, that’s just one more way that Target’s handling of the situation has missed the mark.
Read more on MyFox9.com
Target CEO Exit Highlights Business Side of Security
The resignation of Target Corp. CEO Gregg Steinhafel earlier this week indicates a growing awareness among the C-suite and boards that security is intimately intertwined with business strategy and should be viewed as a board-level issue.
"Cyber-security is now a Board and C-level issue, but that wasn't always the case," [It was at every company I worked for... Bob] said Shawn Henry, CSO of CrowdStrike and president of the company's services division. "Cybersecurity is no different than any other risk a company faces today."
… Nearly 80 percent of responders in a recent Websense/Ponemon survey (PDF) of 5,000 global IT security practitioners said their company's leaders did not equate losing confidential data with a potential loss of revenue.
How broad could this “Search” become?
Ellen Nakashima reports:
The Justice Department is seeking a change in criminal rules that would make it easier for the FBI to obtain warrants to hack into suspects’ computers for evidence when the computer’s physical location is unknown — a problem that officials say is increasing as more and more crime is conducted online with tools to conceal identity.
But the proposal, which was posted for public comment on a U.S. court Web site Friday, is raising concerns among privacy advocates who see it as expanding the power of federal agents to insert malware on computers, which they say could weaken overall Internet security.
Read more on Washington Post.
[From the article:
The proposed change would also make it easier for agents to use one warrant to obtain evidence on possibly hundreds or thousands of computers spread across the country when the machines have been secretly commandeered into “botnets” by criminals to conduct cyberattacks. [That might include one of my computers, if I fell for “bad guy spam.” Bob]
I have always liked how Dr. Cavoukian thinks!
White paper: Personal Control and Freedom Are Essential to Preserving Privacy in an Online World of Growing Surveillance
Individuals are beginning to lose effective control over their personal information in this era of ubiquitous mobile, social and cloud computing. The future of digital privacy may depend on changing the current online paradigm from “Use At Your Own Risk” to “My Data, My Rules” by providing individuals with greater control over their personal information. To explain how information systems may be engineered to enable privacy and control automatically — by default, Ontario’s Information and Privacy Commissioner, Dr. Ann Cavoukian, and Absio Corporation President and CEO, Dan Kruger have released a new white paper, Freedom and Control: Engineering a New Paradigm in the Digital World.
(Related) Because it's “public?”
Alex Boutilier reports:
Ottawa is creeping you on Facebook.
The government that characterized the long-form census as unduly intrusive is increasingly lifting Canadians’ personal information from their social networking websites, according to the federal privacy watchdog.
In a letter to Treasury Board President Tony Clement, interim privacy commissioner Chantal Bernier said an “increasing number” of government institutions are collecting publicly available personal information from sites like Facebook and Twitter “without any direct relation to a program or activity.”
“We are seeing evidence that personal information is being collected by government institutions from social media sites without regard for accuracy, currency and accountability,” Bernier wrote in the February letter obtained by the Star.
Read more on Toronto Star.
Eventually, someone will get it right.
Over on HealthITSecurity.com, Patrick Ouellette notes that the American Health Information Management Association (AHIMA) recently published a Breach Management Toolkit.
The tool requires an AHIMA membership, but the Journal of AHIMA detailed what the tool has to offer providers and a sample of required elements within a data breach notification letter.
Patrick reports that the toolkit discusses five critical pieces of information that AHIMA says should be included in any breach notification letter. Their five critical pieces, as summarized by Patrick, are consistent with what I have been advising for years:
Leading the way into the wonderful world of exploding cellphones? (Even if it's just the dye packs the banks use.)
California passes ‘kill switch’ law, requiring smartphones to have a self destruct option
The Californian Senate has approved a revised version of the so-called kill switch bill, which requires all smartphones sold in the state to have anti-theft software installed. The controversial bill was rejected at the end of April, and was subsequently altered to make it more acceptable to manufacturers and networks. Apparently, key changes included a six-month extension to the deadline for compliance, and tablets aren’t included in the rules.
The risk of trying to be the “next Silicon Valley.”
Report: 38 Studios default would force Rhode Island bonds to 'junk' status
Defaulting on the debt related to 38 Studios' bankruptcy would sink Rhode Island's bond rating to junk status and could harm the state's overall business climate, an independent analyst predicted in a report released Friday.
… The state's economic development agency is suing 38 Studios founder and former Red Sox pitcher Curt Schilling and others over the collapse of his video game company. It says the board was misled into approving the deal that helped lure the company from Massachusetts to Providence.
Someone has figured out this Privacy stuff.
Kids Are Using Bitcoin to Buy Fake IDs Online
(Related) And someone else has figured out how to get more money? The test? “Can we spend it?”
US Political Groups Can Now Accept Bitcoin Donations
Why is this surprising? This is the “Government can do it better than you” party. (In fairness, I think they also considered letting the banks fail, but realized quickly that they couldn't find buyers.)
US considered nationalising banks: Former treasury secretary Timothy Geithner
(Related) Well, maybe they can't do everything better...
USPTO Clearly Cuckoo as Amazon Patents Photos with White Backgrounds
I'm not quite ready to pay $120 a year to read books I can get at the neighborhood library for free. Or am I missing something?
Is Oyster the Netflix of the online book world? Apparently it is for a lot of reading fans
Oyster, an online e-book subscription vendor, now has a half million titles in its catalog and is on a run in making top deals with big name publishers.
… The news illustrates that more readers than ever are embracing online bookstores and e-reader devices such as Amazon's Kindle and the smartphones being embraced.
"Roughly half of our reading activity happens on phones," says Eric Stromberg, CEO of Oyster Books.
Oyster's library of 500,000 e-books is available for $9.99 a month, with titles from over 1,600 publishers. According to Oyster, half of its subscribers are accessing its service using a smartphone during the day hours. Subscribers on weekends and nights tend to use the iPad.
My weekly laugh at education.
… Pearson has won the highly lucrative contract to develop and administer the tests for the Common Core testing consortium Partnership for Assessment of Readiness for College and Careers (PARCC). The states that are part of PARCC collectively educate about 15 million students. So let's see: 15 million times $29.50 per test... Pearson was the only organization to bid for the contract.
… The American Institutes for Research (AIR), another player in the testing industry, has filed a lawsuit arguing that the PARCC contract was awarded “in a process that was illegal, and structured in a way that wrongly benefited one company—Pearson.”
… Southern New Hampshire University’s College for America has done it: a $10,000 college degree. The school will offer a competency-based, self-paced bachelor's degree in health care management and communications. More via Inside Higher Ed.
… Microsoft released a new add-on to Office aimed at educators called Office Mix which lets you add Khan Academy and CK12 resources to PowerPoints.
… Renaissance Learning has released its annual report on What Kids Are Reading. The report includes a list of the most popular books based on grade level.
Definitely something for my website class.
When using images on the Internet, it is important to optimize them so they are of minimal size but maximum quality. Using Optimizilla, you can upload up to 20 files in JPEG and PNG formats. Click thumbnails in the queue to select images. Use the slider to control the compression level and mouse/gestures to compare images. Click ‘Save’ to download the result.
A tool for my students? Free and no sign-up needed. Encrypts in your browser before uploading.
Encryption has become an extremely important topic online these days, so any tool which helps you encrypt your communications is very important. Encryption.to is a site which enables you to send encrypted messages with one click. If you sign up, you get a unique link encrypt.to/username, and your public key will be private at their non-public key server.
Something for my Math students before they are my Math students?
TenMarks Offers Their Summer Math Program to Parents for Free
TenMarks is a service that offers an online mathematics program designed to supplement your in-classroom mathematics instruction. This summer they are offering their summer mathematics program to families for free.
The TenMarks summer program begins with students taking an assessment. After taking the assessment an individualized program that adapts to his or her specific needs is created for the student. Each student’s summer curriculum is designed to review concepts from the past year, and get introduced to concepts for the year ahead. TenMarks offers real-time feedback to students and their parents. The feedback measures a student's progress toward a standard or goal. Based upon a student's responses to questions the program automatically adjusts to provide more or less of a type of question.