If you need one more reason to take additional steps to prevent health information breaches, here's something to consider. An attorney argues that if breaches, and their high costs, are not brought under control, "I think where we are headed is to an insurance crisis."
Some organizations hesitate to involve law enforcement in their breach investigations for fear that exposing the hack would cost them their reputations and money. A Justice Department contingent tells a gathering of lawyers why that impression is wrong.
A new federal suit against Michaels claims the crafts retailer, hit by a POS skimming scheme in May, took too long to notify customers after it learned of the breach that affected stores in 20 U.S. states.
David Navetta, an attorney who specializes in IT security and privacy, says the magistrate's recommendation, if accepted by the judge, could set an interesting legal precedent about the security banks are expected to provide for commercial customers.
It's clear that major data breaches have become not just a topic of mainstream news, but they're occurring with such frequency and potential devastation that they're almost deserving of a 24-hour news desk.
The House Subcommittee on Commerce, Manufacturing and Trade heard from Sony and Epsilon about breaches that adversely affected consumer information. Both companies support a national data security and breach notification law.
The recent Sony and Epsilon breaches sent a strong reminder that companies lack transparency and aren't prepared to respond to a breach once it occurs, says Kirk Herath, Chief Privacy Officer at Nationwide Insurance Companies.
Many organizations are unprepared to adequately respond to a breach, security expert Bob Chaput says. "Breach notification planning is just a fundamental, basic part of risk management in the new millennium," he adds.