A class action lawsuit is seeking $4.9 billion in damages as a result of alleged privacy violations stemming from a recent health information breach affecting beneficiaries of the TRICARE military health program.
While a presidential advisory council wants to move forward quickly with using metadata tags within electronic health records, such as to indicate patient privacy preferences, another federal advisory panel is saying "not so fast."
Skimming incidents at bank branch ATMs and vestibules are adding up to huge losses. One bank says it could easily lose $50,000 over one weekend at a single ATM. So, what can institutions do to deter and detect skimmers?
"Given that the data tested against our network consisted of sign-in ID-password pairs, and that the overwhelming majority of the pairs resulted in failed matching attempts, it is likely the data came from another source and not from our networks," says CISO Phillip Reitinger.
These arrests also highlight the U.S. vulnerability to crimes involving payment cards with magnetic stripes. "The U.S. is a criminal's playground right now," says John Buzzard of FICO Card Alert Service.
A children's health system is offering free credit monitoring to 1.6 million after the loss of backup tapes. It's the second major breach incident revealed in recent weeks involving lost or stolen backup tapes.
"It should provide fuel for anyone calling for data breach legislation to include criminal sanctions ...," says Neal O'Farrell of the Identity Theft Council. "This was nothing short of a clumsy cover-up."
"Organizations are putting in layers of security and tools to safeguard information and assets, however, the fraudsters are attacking our weakest link, the consumer," says Anthony Vitale of Patelco Credit Union.
UBS's $2 billion loss to rogue trading provides lessons for all banks. What's missing in today's financial institution culture is a balance between profits, ethics and governance, says risk management expert Frances McLeod.
"With a company-issued device, you can issue a policy that says users have no rights of privacy over information on the device," says Javelin's Tom Wills. But with employee-owned devices? A whole new set of issues.
Security incidents reported over the past five years have placed the confidentiality, integrity and availability of sensitive government information and information systems at risk, an annual GAO review reveals.