http://www.databreaches.net/?p=8283
Update: Stolen BCBS hard drives had data on 2 million insured
November 16, 2009 by admin Filed under Breach Incidents, Healthcare Sector, Of Note, Theft, U.S.
This is a follow-up to an incident first reported here.
Dennis Ferrier reports:
One of Tennessee’s largest holders of personal information confirms that an October theft from a Chattanooga office affects about 2 million of its clients.
Blue Cross Blue Shield said 68 computer hard drives that contained Social Security numbers and other sensitive information were taken from the office.
When the incident occurred Oct. 2, the company told the public it didn’t think there was anything personal on the hard drives, and, if there were, it would be hard to extract.
The company is now sending out a letter to group administrators and brokers who sell Blue Cross Blue Shield of Tennessee insurance.
The letter states:
“We have confirmed that the hard drives contained encoded data recordings and certain protected health information. May have included the member’s name and ID number. May have included the member’s date of birth or Social Security Number.”
Read more on WSMV. Cross-posted from PHIprivacy.net.
Another rare example of someone actually reading the logs?
http://www.databreaches.net/?p=8285
NE: Hackers Breach State Database
November 16, 2009 by admin Filed under Government Sector, Hack, U.S.
A hacker has broken into the Nebraska Worker’s Compensation database, prompting an FBI investigation and an effort to contact those who may be affected.
Several thousand people could be affected by the breach, which was discovered last week when the state’s chief information officer noticed an unusual amount of Internet traffic traversing the Worker’s Compensation courts server.
[...]
Workers who have filed court claims or who are collecting benefits may have had their names, addresses, birthdates and social security numbers compromised.
Read more on KETV.
http://www.databreaches.net/?p=8293
HIMSS Survey: Business Associates not up to speed on HITECH
November 17, 2009 by admin Filed under Commentaries and Analyses, Healthcare Sector, U.S.
Today, HIMSS released a new report, 2009 HIMSS Analytics Report: Evaluating HITECH’s Impact on Healthcare Privacy and Security.
Commissioned by ID Experts, HIMSS surveyed senior information technology (IT) executives, Chief Security Officers, Chief Medical Information Officers (CMIOs), Chief Information Security Officers and Chief Privacy Officers at hospitals throughout the United States. They also surveyed business associates about the impact of the HITECH Act, data breach and patient exposure, and what healthcare organizations are doing. A total of 150 respondents from a provider organization and 26 individuals from an organization that has a business associate relationship with provider organizations participated in this research, which was conducted in August and September of 2009. Approximately half of survey respondents work for organizations with fewer than 100 beds. Slightly less than a third work for organizations with between 100 and 299 beds. The final 14% of respondents work for a hospital with 300 or more beds.
Among the key findings:
“Business associates” pose the largest threat to patient data security, putting patients and privacy at risk. Business associates include those who have access to patient data and include pharmacy chains, benefits administrators, claims adjusters, firms who handle mailings to patients, and insurance companies, among others. Somewhat amazingly, over 30% of business associates surveyed did not know the HIPAA privacy and security requirements have been extended to cover their organizations.
Given that organizations will now be under increased mandate to disclose and notify individuals of breaches (although the interim rule introduced a “harm” standard not in the actual legislation), hospitals should be looking at the security and privacy practices of their business associates. The survey found that 85% of hospitals indicated they will take action to protect their patient data that is held by a business associate, while a full 39% of business associates admitted they did not know what actions hospitals are taking. In addition, business associates were unaware that 47% of hospitals would terminate their contracts for violations.
Somewhat surprisingly, non-IT respondents were more aware of data breaches than IT respondents. The survey found that non-IT respondents reported that their organization had experienced twice as many data breaches as IT respondents (41% vs. 22%).
While hospitals are widely providing training for their employees, they are not always monitoring that employees are complying with the organization’s policies and procedures on which they were trained. Nearly all respondents reported that they perform employee privacy and security training to protect against data breach risk. However, less than three-quarters of respondents at hospitals that conducted a risk assessment indicated that information on employee compliance is part of the risk assessment.
Read the press release here. Visit http://www.idexpertscorp.com/breach/download/?altid=b_himms_download&cid=prhimss1117 for a free copy of the HIMSS Analytics study. [Registration required Bob]
Cross-posted from PHIprivacy.net
[Who dat?
Healthcare Information and Management Systems Society (HIMSS) http://www.himssanalytics.org/
Apparently it isn't hard to out-think large corporations. Downside here is that someone could drain your bank account by paying your phone bill in advance. Security is virtually non-existent.
http://www.pogowasright.org/?p=5421
Sprint customer seeing red over unauthorized payments
November 17, 2009 by Dissent
A blogger who elsewhere identifies himself as “Mike” recently posted a somewhat peculiar story on his blog in which he alleged that some unknown third party had called up Sprint Nextel’s pay-by-phone number, and by providing only the blogger’s phone number and zip code, was able to access his account balance and then — without his knowledge or approval — authorize two payments to his account from the card that he had on file.
It's none of these. My guess is the Swiss are planning to take over the world.
http://news.cnet.com/8301-27080_3-10399141-245.html?part=rss&subj=news&tag=2547-1_3-0-20
Report: Countries prepping for cyberwar
by Elinor Mills November 16, 2009 9:00 PM PST
… Threats of cyberwarfare have been hyped for decades. There have been unauthorized penetrations into government systems since the early ARPANET days and it has long been known that the U.S. critical infrastructure is vulnerable.
However, experts are putting dots together and seeing patterns that indicate that there is increasing intelligence gathering and building of sophisticated cyberattack capabilities, according to the report titled "Virtually Here: The Age of Cyber Warfare." [Registration required Bob]
We should think of this as our houses (and the power company) joining Facebook. Read the whole article.
http://www.pogowasright.org/?p=5418
Fifteen More Smart Grid Privacy Concerns
November 16, 2009 by Dissent Filed under Featured Headlines, Other, U.S.
By Rebecca Herold (The Privacy Professor) CIPP, CISSP, CISM, CISA, FLMI
I’ve had about half a dozen folks ask me how things are going with the work I’m doing with the NIST Smart Grid privacy group, and if I could provide an update since my last couple of posts on the topic here and here.
The time is going by much too quickly, and I am getting a bit nervous as we get closer to when we need to have the next draft of the NISTIR ready, tentatively set for December 31; there is so much more to do in this VOLUNTEER group effort…
Here is a quick laundry list overview for some of the activities I’ve been doing within the group:
Technology, making crime pay!
http://www.globalpost.com/dispatch/venezuela/091112/venezuela-facebook-criminals
Facebook: A tool for cops and robbers
In Venezuela criminals use Facebook to research targets. Cops use it too — but not always for scrupulous purposes.
By Charlie Devereux – GlobalPost Published: November 16, 2009 07:29 ET Updated: November 16, 2009 12:58 ET
… “There's a certain amount of intelligence work involved in kidnapping that Facebook makes easier,” said Roberto Briceno Leon, director of the Venezuelan Observatory of Violence. “Before, what did kidnappers do? They could spend months checking accounts, studying a person's daily movements in order to be able to plan the kidnapping. That implies an investment. Now, Facebook makes that easier.”
No comments:
Post a Comment