Monthly Archives: September 2009

Files on 175 Penrose patients apparently stolen | patients, penrose, security – Health – Colorado Springs Gazette, CO

Social security numbers and other personal information for 175 patients of Penrose Hospital’s imaging department were apparently stolen earlier this month.

via Files on 175 Penrose patients apparently stolen | patients, penrose, security – Health – Colorado Springs Gazette, CO.

PCI virtualization SIG closer to proposing changes to standard

The PCI Virtualization Special Interest Group is trying to find consensus before proposing ways to add the technology to the Payment Card Industry Data Security Standards (PCI DSS). The group is meeting this week at Mandalay Bay Resort and Casino in Las Vegas, where the Payment Card Industry Security Standards Council (PCI SSC) is holding its North American Community meeting.

via PCI virtualization SIG closer to proposing changes to standard.

Cyber Defense: Size Doesn’t Matter – FISMA

I just received an “F” on the most recent FISMA report, so I had a lot of work to do there to get into compliance with that mandate. Also saw a whole lot of people working very hard, trying to improve security. I think it was a matter of just needing some direction, some coordination, some processes and some experience in implementing best practices. That was kind of the picture when I got here, and we’re making strides in all of those areas.

via Cyber Defense: Size Doesn’t Matter.

First Data And RSA “Legitimize” Tokenization–Then What?

The conventional wisdom is that when large vendors enter a niche market, those vendors “legitimize” that market. But the announcement that First Data and RSA Security are getting into the credit card tokenization business raises many issues beyond them simply “making” the tokenization market.

via StorefrontBacktalk » Blog Archive » First Data And RSA “Legitimize” Tokenization–Then What?.

PCI Evolution Tied to Emerging Technologies

Emerging technologies are the hottest topics of discussion within the PCI Security Standards Council community meeting in Las Vegas this week.

The question, says David Taylor, founder of the PCI Knowledge Base, a PCI research firm, is ‘How will PCI’s security standards council embrace end-to-end encryption, tokenization and other emerging technologies?’

via PCI Evolution Tied to Emerging Technologies.

Mixed PCI DSS compliance puts consumers at risk | 23 Sep 2009 | ComputerWeekly.com

Some 79% of US and multinational companies surveyed said they had lost credit card information, yet only 29% use PCI DSS as part of their security strategy.

Over half (55%) said they focus on protecting only credit card data and do not attempt to secure other sensitive customer information, the survey showed.

via Mixed PCI DSS compliance puts consumers at risk | 23 Sep 2009 | ComputerWeekly.com.

HHS guts health-care breach notification law, groups warn

However, in an interim final rule published late last month, the HHS introduced a new “harm threshold” for breach notification which critics say completely guts the original intent of the bill. Under the change, health-care entities will be required to publicly disclose breaches involving health-care data only if they think the breach will cause financial or reputational harm to those whose data was compromised.

The change allows health-care companies to do a self-assessment of the potential privacy and fraud risks stemming from a data breach and leaves it up to them to decide if a notification is justified. If a breached company decides there is no harm, it will have no obligation to disclose the breach to anyone — even if it had taken no measures previously to protect the data.

via HHS guts health-care breach notification law, groups warn.

Spurs aiming for the goal of PCI card security compliance – 15 Sep 2009 – Computing

Premier League football club Tottenham Hotspur has a critical short-term goal to achieve – other than trying to remain near the top of the table.

The club is racing against an October deadline to roll out compliance with the payment card industry’s data security standard (PCI DSS).

Spurs processes 700,000 credit card transactions a year, and a planned new 58,000-seater stadium, up from 36,000 seats, is expected to increase the number of credit card transactions significantly.

via Spurs aiming for the goal of PCI card security compliance – 15 Sep 2009 – Computing.

PCI Report Poses a Quandary: Where Did 1.5 Million Merchants Go?

Visa’s latest report, posted in mid-August, reveals another curious numerical quirk. It estimates the number of Level 4 merchants at about 5 million. But in a PCI report for June 2007, Visa estimated the number of Level 4 merchants at about 6.5 million, says Gartner Inc. technology and security analyst Avivah Litan. She interprets that reduction to be a result of PCI causing networks and acquirers to look hard at where their transactions come from and thus make their counting more accurate. “PCI is forcing Visa to get a better handle on who’s connecting to them,” she says.

via News.