Following the escalation of tensions between the United States and Iran in the past week, the Health Information Sharing and Analysis Center (H-ISAC) is warning hospitals and health systems that Iran could attack health...more
1/10/2020
/ Assassinations ,
Cyber Attacks ,
Cyber Crimes ,
Cyber Threats ,
Cybersecurity ,
Data Breach ,
Data Protection ,
Data Security ,
Department of Homeland Security (DHS) ,
Hackers ,
Health Care Providers ,
Healthcare Facilities ,
Hospitals ,
Infrastructure ,
Iran ,
Municipalities ,
Phishing Scams ,
Risk Management ,
Risk Mitigation ,
Social Media ,
Terrorist Threats ,
Vulnerability Assessments
The Department of Homeland Security (DHS) is warning critical infrastructure operators to be on high alert for Iranian backed cyber-attacks because of the vulnerability of state and municipal computer systems, they are at...more
1/10/2020
/ Assassinations ,
Cyber Attacks ,
Cyber Crimes ,
Cyber Threats ,
Cybersecurity ,
Data Breach ,
Data Protection ,
Data Security ,
Department of Homeland Security (DHS) ,
Hackers ,
Iran ,
Municipalities ,
Risk Management ,
Risk Mitigation ,
Terrorist Threats ,
Vulnerability Assessments
The Department of Homeland Security (DHS) issued a grave warning to U.S. businesses and critical infrastructure operators on January 6, 2020 alerting the public that Iran poses a cyber terrorism threat to the United States...more
1/9/2020
/ Assassinations ,
Cyber Attacks ,
Cyber Crimes ,
Cyber Threats ,
Cybersecurity ,
Data Breach ,
Data Protection ,
Data Security ,
Department of Homeland Security (DHS) ,
Hackers ,
Iran ,
Popular ,
Risk Management ,
Risk Mitigation ,
Terrorist Threats ,
Vulnerability Assessments
The Office for Civil Rights (OCR) announced that it has fined the Texas Health and Human Services Commission (TXHHS) $1.6 million for HIPAA violations. This is one of the few fines the OCR has levied against a state agency....more
11/22/2019
/ Cyber Attacks ,
Cybersecurity ,
Data Breach ,
Data Protection ,
Data Security ,
Department of Health and Human Services (HHS) ,
Electronic Medical Records ,
Enforcement Actions ,
Fines ,
Hackers ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Breach ,
OCR ,
PHI ,
Popular
The California Department of Motor Vehicles (DMV) announced on November 5, 2019, that it allowed the Social Security numbers (SSNs) of 3,200 California drivers to be accessed by unauthorized individuals in other state and...more
The Department of Veterans Affairs’ Office of Inspector General (VA OIG) recently completed an audit of the VA’s Milwaukee Regional Office after it was tipped off by a whistleblower about the exposure of sensitive information...more
10/31/2019
/ Cyber Attacks ,
Cybersecurity ,
Data Breach ,
Data Protection ,
Data Security ,
Department of Veterans Affairs ,
Federal Trade Commission (FTC) ,
Hackers ,
Identity Theft ,
Information Security ,
Personally Identifiable Information ,
Security Audits ,
Veterans ,
Vulnerability Assessments ,
Vulnerable Victims ,
Whistleblowers
The pace at which data privacy and security laws are changing continues to move at warp speed. Back in the day, I would keep track of all privacy and security bills in state legislatures and Congress; about 10 years ago, I...more
A recent Ponemon Institute study finds that small and mid-sized businesses continue to be targeted by cybercriminals, and are struggling to direct an appropriate amount of resources to combat the attacks....more
10/17/2019
/ Cyber Attacks ,
Cyber Crimes ,
Cybersecurity ,
Data Breach ,
Data Protection ,
Data Security ,
Hackers ,
Personally Identifiable Information ,
Popular ,
Risk Management ,
Vulnerability Assessments
The Office of the Under Secretary of Defense for Acquisition and Sustainment has been on a fast track mission to shore up the cybersecurity measures of defense contractors and the supply chain to the Department of Defense...more
10/14/2019
/ Certifications ,
Cooperative Compliance Regime ,
Cybersecurity ,
Cybersecurity Maturity Model Certification (CMMC) ,
Data Privacy ,
Data Protection ,
Data Security ,
Department of Defense (DOD) ,
Federal Contractors ,
Regulatory Requirements ,
Subcontractors ,
Vendors
Many cities in the United States utilize a self-pay portal for residents to pay bills online, known as Click2Gov. Click2Gov was compromised in 2017 and 2018, when hackers were able to access over 300,000 payment cards and...more
Despite the fact that security experts have emphasized the importance of cyber education and training as a preventative measure to protect against a devastating data breach, Chubb’s Third Annual Cyber Risk Survey finds that...more
I am not a big fan of putting all of one’s passwords in one place, but many people use password managers. If you use Last Pass (see previous blog posts about Last Pass here and here), be aware that it was recently advised by...more
9/20/2019
/ Cyber Attacks ,
Cybersecurity ,
Data Breach ,
Data Security ,
Google ,
Multi-Factor Authentication ,
Online Platforms ,
Passwords ,
Risk Management ,
Search Engines ,
Vulnerability Assessments ,
Websites
New Hampshire Governor Chris Sununu recently signed the New Hampshire Insurance Data Security Law, which “establishes the exclusive state standards applicable to licensees for data security, the investigation of a...more
It is so hard to keep up with the latest ways the bad guys try to infiltrate company data. One new technique is called warshipping, and its implementation is pretty simple and a little old school....more
After the Capital One data breach, which was reportedly caused by an improperly configured firewall, every company should be paying attention to its firewalls....more
Following an investigation led by the Washington Attorney General, Premera Blue Cross has agreed to pay $10 million to 30 states after experiencing a data breach in 2014 that compromised the Protected Health Information of...more
Section 230 of the Connecticut budget bill is called the “Insurance Data Security Law” and becomes effective October 1, 2019. It requires any insurance licensee, (anyone who is authorized or licensed and subject to the...more
Security researchers have warned municipalities repeatedly about how they are being targeted with ransomware, that they are at high risk, and the need to make data security a high priority.
Please see full Publication blow...more
6/28/2019
/ Credit Monitoring ,
Cyber Attacks ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Security ,
Hackers ,
Identity Theft ,
Military Service Members ,
Mobile Apps ,
Mobile Device Management ,
Municipalities ,
National Guard ,
Popular ,
Ransomware
We continue to see clients hit with notifications from vendors about security incidents caused by either the vendor or the vendor’s downward supply chain....more
According to a recent survey of cybersecurity professionals by AT&T Cybersecurity entitled “Confidence: the perception and reality of cybersecurity threats,” phishing and cloud security threats are keeping them up at...more
5/3/2019
/ Best Practices ,
Cyber Attacks ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Data Security ,
Department of Health and Human Services (HHS) ,
Drones ,
Federal Aviation Administration (FAA) ,
Hackers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HITECH Act ,
Limitation of Liability Clause ,
Phishing Scams ,
Popular ,
Unmanned Aircraft Systems
A dispute between parties, or in the middle of a security incident, is not the best time to determine whether you have sufficient contractual provisions in place with a customer or vendor....more
We previously reported that Cottage Health, a health care entity operating several hospitals in California, settled with the State of California for $2 million for a security incident that occurred in 2013. On February 7,...more
2/12/2019
/ Business Associates ,
Corrective Actions ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection ,
Data Security ,
Data-Sharing ,
Employee Training ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Hospitals ,
OCR ,
Personally Identifiable Information ,
PHI ,
Policies and Procedures ,
Security Risk Assessments ,
Settlement Agreements
It has long been standard practice to include data privacy and security due diligence in mergers and acquisitions for technology companies....more
Just before the new year, the Department of Health and Human Resources (HHS) released voluntary cybersecurity practices for healthcare organizations, which consists of a main document, two technical volumes, and resources and...more
1/7/2019
/ Cyber Attacks ,
Cybersecurity ,
Data Breach ,
Data Protection ,
Data Security ,
Department of Health and Human Services (HHS) ,
Hackers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare ,
PHI ,
Privacy Laws
It’s a new year, and a worthy new year’s resolution (besides shedding those pesky 10 pounds) is to review your online footprint and look for ways to reduce it. ...more