Monthly Archives: July 2009

FTC Delays Red Flags Rule for Third Time

The Federal Trade Commission announced a third delay, from August 1, 2009, to November 1, 2009, for compliance with the identity theft prevention red flags rule. The delay is for another three months. Compliance originally was scheduled for November 1, 2008, then delayed the first time until May 1, 2009.

via HIPAA.com – FTC Delays Red Flags Rule for Third Time.

More holes found in Web’s SSL security protocol – Network World

Security researchers have found some serious flaws in software that uses the SSL (Secure Sockets Layer) encryption protocol used to secure communications on the Internet.

At the Black Hat conference in Las Vegas on Thursday, researchers unveiled a number of attacks that could be used to compromise secure traffic travelling between Web sites and browsers.

via More holes found in Web’s SSL security protocol – Network World.

Privacy Rule Burden: 62.3 Million Hours – WOW

A notice published July 29 in the Federal Register starkly demonstrates the administrative burdens of complying with the HIPAA privacy rule.

The Department of Health and Human Services published the notice as part of its intent to continue requiring documentation of compliance. The notice lists a dozen documentation requirements, such as authorization to use and disclose protected health information, and notices of privacy practices.

In total, HHS estimates an industry-wide annual reporting burden of nearly 62.3 million hours, 98% of which covers dissemination of a notice of privacy practices and patient acknowledgement. Accounting for use and disclosure of PHI makes up most of the remaining burden.

The notice is available at gpoaccess.gov/fr/index.html.

via Privacy Rule Burden: 62.3 Million Hours.

#PCI Compliance Only the Start of Security

When the Network Solutions breach was reported last week, the usual buzz about whether or not the company was PCI-compliant began almost immediately.

Similar talk surrounded the situations with Heartland Payment Systems, Hannaford Bros. and just about every other data breach that has happened since the Payment Card Industry Data Security Standard (PCI DSS) was first established. But the question then becomes whether PCI is truly a useful security metric if so many breached businesses seem to be compliant.

via PCI Compliance Only the Start of Security.

ISACA to host IT security conference in Las Vegas

The role of the IT security professional has expanded from securing an enterprise’s information to also managing the associated risk. ISACA has responded by offering the new Information Security and Risk Management Conference, which combines the most timely material from two of ISACA’s well-regarded security-related conferences.

ISACA, a nonprofit association serving 86,000 IT governance professionals, will host the Information Security and Risk Management Conference in Las Vegas, Nevada, USA, on 28-30 September 2009. The all-encompassing event is designed for all levels of IT security professionals.

via ISACA to host IT security conference in Las Vegas.

How will California’s tougher-than-HIPAA privacy laws impact U.S.? – FierceHealthIT

Last September, California enacted the toughest patient privacy protections in the country, even tougher than HIPAA. They include specific penalties for medical-record snooping, rules requiring providers to report breaches far more quickly than HIPAA and requirements that safeguards like passwords be put in place. The new laws even establish a new state office supervising patient privacy and imposing fines when violations occur.

via How will California’s tougher-than-HIPAA privacy laws impact U.S.? – FierceHealthIT.

Network Solutions was PCI compliant before breach – SC Magazine US

Web hosting firm Network Solutions on Friday announced that, despite its being PCI compliant, a breach had compromised approximately 573,928 individuals’ credit card information.

…..

Approximately 4,343 e-commerce websites were affected by the breach. Network Solutions could not disclose which merchants were affected but said the victimized merchants sell a wide variety of merchandise and are primarily small businesses.

via Network Solutions was PCI compliant before breach – SC Magazine US.

PCI breaches shed light on cloud security – Network World

Credit card numbers compromised in an attack against Web hosting provider Network Solutions expose one of the security problems faced by cloud computing. The company says its infrastructure complied with payment card industry PCI standards when the data was possibly stolen via software installed on its servers.

via PCI breaches shed light on cloud security – Network World.

Two Credit Companies offer to pay breach fines – SC Magazine US

Two credit-card payment processors are offering to cover merchants’ fines and penalties in the event of a data breach.

However, the two companies, Heartland Payment Systems and Mercury Payment Systems, have different requirements that must be met before a merchant would qualify for coverage.

via Companies offer to pay breach fines – SC Magazine US.