Healthcare organizations should carefully document all necessary breach investigation and notification actions and responsibilities to avoid chaos when an incident occurs, says Dawn Morgenstern, privacy official at the Walgreens national drugstore chain.
2011 has offered quite a number of tough lessons for security professionals. Here at (ISC)2, where security education is our focus, the close of another year raises the old teacher's question: "What have we learned, class?"
Calif.-based grocer Save Mart confirms dozens of reports by employees and customers about account compromises linked to the merchant's recent breach. Are these incidents linked to a larger, organized crime ring?
Contra Costa County, Calif., has sent out notification letters to residents whose names were referenced in a public document posted to the county's website regarding debts owed to the Health Services Department.
It's one thing to have a data breach response team. It's quite another to ensure that team is made up of savvy personnel, says Brian Dean, a former privacy executive for KeyBank.
It's a corporate account takeover scheme - with a twist. The scam involves money mules and distributed denial of service attacks. "This is an entirely different scenario," says Mike Smith of Akamai Technologies.
Five members of Congress have sent a bipartisan letter to the director of TRICARE, the military health program, asking detailed questions about a recent breach that affected 4.9 million beneficiaries.
Physician group practices, many of which are adopting their first electronic health record system, need to make staff training on privacy and security issues a top priority, says Susan Turney, M.D., the new CEO at the Medical Group Management Association.
The emerging trend of class action lawsuits filed in the wake of major health information breach incidents offers one more incentive to boost breach prevention efforts.
Data breaches are all about reputational risk, says attorney Lisa Sotto. And as legal requirements grow, attorneys must play increasingly integral roles in helping clients respond to incidents.
In addition to the negative publicity associated with being included on the federal tally of major health information breaches, some organizations are experiencing yet another impact of breaches: class action lawsuits.
It's a new wave of cybercriminal behind the latest major data breaches, says breach expert Lucy Thomson. And these incidents are resulting in a new generation of breach notification laws globally.
The ongoing delay in the release of final versions of HIPAA modifications and the HIPAA breach notification rule makes it more difficult for healthcare organizations to set information security investment priorities, says hospital privacy officer Kari Myrold.
Ongoing HIPAA compliance training is key to breach prevention, says Terrell Herzig of UAB Medicine. Yet many healthcare organizations are lacking in their efforts, according to results from the Healthcare Information Security Today survey.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing databreachtoday.com, you agree to our use of cookies.
