Financial Advisor at Ameriprise exposes millions in assets via NAS

Do you use a financial advisor? I do, and I recommend mine to others without reservation. Part of that recommendation comes from the manner in which the account data is secured, which provides me more than a modicum of assurance that the folks managing my money are not asleep at the switch when it comes to protecting my identity (and …

Madison Square Garden customer payment cards harvested

On 22 November, Madison Square Garden Company (The Garden) began notifying its customers that a breach of the point of sale (POS) system had occurred and may have affected those customers who purchased goods at merchandise and food concessions at The Garden’s various properties during the period 09 November 2015 – 24 October 2016. Properties affected Madison …

MSU data breach: Database with 400,000 records accessed

Michigan State University (MSU) has confirmed that on Nov. 13 an unauthorized party gained access to an MSU server containing certain sensitive data which included the personal identifying information of 400,000 individuals. The MSU data breach, characterized by the MSU President Lou Anna K. Simon as a “criminal act in which unauthorized users gained access to our computer and data systems”. …

Data breach – Are you prepared? Most are not.

According to the new survey conducted by the Ponemon Institute on behalf of Experian, companies are complacent and lack confidence when it comes to data breach preparedness, a result which I found to be most astounding given the fact that every day we read of yet another company, institute, organization or governmental entity experiencing a data breach. The study, “Is Your …

Rest easy: China says U.S. OPM data breach was criminal

Reuters recently reported how the Chinese are claiming they have concluded their official investigation into the allegation that the Chinese government was responsible for the Office of Personnel Management data breach which compromised the identities of ~20 million individuals’ government clearance portfolios. It is interesting to note that the Chinese government spokesperson did not indicate the US Government response to this …

Data Breach – Horizon Blue Cross – two data breaches in five years

Looking for information about the 2016 mis-mailing of EOBs to Horizon Blue Cross Blue Shield of New Jersey (Horizon BCBSNJ) members? Read: Data Breaches Again at Horizon BCBSNJ. Horizon Blue Cross Blue Shield of New Jersey – Two data breaches in five years. [Updated 18 December 2013*] Earlier this week 839,711 members of Horizon Blue Cross Blue Shield of New …

Community Colleges and Data Security

One normally does not think of a community college or junior college as a place where data breaches would be of concern. That is of course until it happens, and then the realization hits at just how closely these institutions are intertwined with their communities. A data breach reaches deep within the communities from which they draw their students, …

Data breaches in healthcare – The UW data breach

Data breach at the University of Washington – October 2013. In early October 2013 a University of Washington Medicine (UW Medicine) employee opened an email attachment and in doing so launched a piece of malicious software (aka *malware*). The employee’s computer was taken over by the malware and with that action approximately 90,000 patients had their data accessed by criminal …

Defining the causes of a data breach

I recently crafted a piece for Huffington Post, What’s a data breach, in which I defined the vagaries of the different types of causes of a data breach. While I list the different types, I welcome opinion on others, and urge you to read the Huffington Post piece for specific examples which ended in a data breach. Stolen …

Medical Device Security – Are your devices secure?

Many medical devices have telemetry requirements, which require patient data to be both present within the device’s resident memory and to be transmitted from the device to a monitoring or record-preservation device (hard drive or tape). During transmission, are the content or command/control sequences protected? Do they need to be? Unfortunately, yes. The data must be protected not only from a PHI-data disclosure perspective, but also from a data corruption perspective.

Patient Data: The Crown Jewels (Mayo Blog)

I have always been an advocate of protecting one’s personal information and privacy and was personally pleased when the HIPAA standards came into being, as this raised the tide for all medical care providers to a common level of information protection. Indeed doctors, dentists, insurers, health organizations, hospitals and clinics all moved to have their data handling and storage reviewed and certified as being HIPAA compliant.

Sadly, being compliant is not synonymous with being secure. According to the Privacy Rights Clearinghouse there have been more than 87 separate data breaches made public from January 1 – June 10, 2011, which in aggregate affected more than 5,000,000 individuals’ records. Let’s look at the variety of ways patient data were compromised and how every one of these losses was avoidable.