News about recent healthcare information breaches offers an important reminder: Monitoring the privacy and security procedures of your business associates should be a vital component of any breach prevention strategy.
Breach notification laws in most states would be preempted if a bill approved by the Senate Judiciary Committee becomes law. But that's a big if because of GOP objections, such as those voiced by the panel's ranking member, Charles Grassley.
Known as "recursion" among his LulzSec compatriots, Cody Kretsinger is among the hacking group's members responsible for the breach of Sony Pictures Entertainment computers between May 27 and June 2, according to federal authorities.
The breach earlier this month of certificate authority DigiNotar could prove to be the worst security event ever to happen on the Internet because it threatens, at its core, a fundamental principle of Internet transactions - economic and social - trust.
The Dutch company that was deceived by hackers into issuing fraudulent digital certificates is liquidating its assets under the protection of a bankruptcy court in the Netherlands after failing to recover from the attack.
"Once you identify that person based on the unique characteristics of their face, you could then match it with other databases," privacy advocate Beth Givens says, referring to privacy gaps created by facial recognition technology.
Stanford Hospital & Clinics reports that a business associate's subcontractor caused a health information breach when information about 20,000 patients treated in the hospital's emergency department was posted on a website.
A new report to Congress about major healthcare information breaches shows that federal officials have yet to complete their investigations of corrective actions taken in the wake of 70 percent of incidents.
Nearly 7.9 million Americans were affected by almost 30,800 health information breaches between September 2009, when a federal healthcare breach notification rule took effect, and the end of 2010, according to a new report to Congress.
"Our proposal would give judges the authority they need to adequately punish serious offenders and to make these penalties commensurate with the same type of conduct occurring offline," Associate Deputy Attorney General James Baker tells Congress.
Ohio is relatively new to enterprise information security, and according to David Shaw, the state's chief information security officer, there is still much to do to ensure that all the agencies' critical infrastructure is protected.
A new California law requires that organizations experiencing a data breach provide more detailed information to the individuals affected. The law, which covers breaches involving financial, healthcare and other personal information, goes into effect Jan. 1.