# PCI Compliance Only the Start of Security

When the Network Solutions breach was reported last week, the usual buzz about whether or not the company was PCI-compliant began almost immediately.

Similar talk surrounded the situations with Heartland Payment Systems, Hannaford Bros. and just about every other data breach that has happened since the Payment Card Industry Data Security Standard (PCI DSS) was first established. But the question then becomes whether PCI is truly a useful security metric if so many breached businesses seem to be compliant.

via PCI Compliance Only the Start of Security.

Interesting take on HIPAA: Blocking EMS scanner traffic hurts the public

Interesting take on HIPAA:

Starting today, reporters at the Express-News and other local media outlets will not have access to emergency medical services scanner traffic. This will make their jobs harder because they won’t hear addresses where incidents occur, or the reason an ambulance is needed.

via Blocking EMS scanner traffic hurts the public.

ISACA to host IT security conference in Las Vegas

The role of the IT security professional has expanded from securing an enterprise’s information to also managing the associated risk. ISACA has responded by offering the new Information Security and Risk Management Conference, which combines the most timely material from two of ISACA’s well-regarded security-related conferences.

ISACA, a nonprofit association serving 86,000 IT governance professionals, will host the Information Security and Risk Management Conference in Las Vegas, Nevada, USA, on 28-30 September 2009. The all-encompassing event is designed for all levels of IT security professionals.

via ISACA to host IT security conference in Las Vegas.

How will California’s tougher-than-HIPAA privacy laws impact U.S.? – FierceHealthIT

Last September, California enacted the toughest patient privacy protections in the country, even tougher than HIPAA. They include specific penalties for medical-record snooping, rules requiring providers to report breaches far more quickly than HIPAA and requirements that safeguards like passwords be put in place. The new laws even establish a new state office supervising patient privacy and imposing fines when violations occur.

via How will California’s tougher-than-HIPAA privacy laws impact U.S.? – FierceHealthIT.

Network Solutions was PCI compliant before breach – SC Magazine US

Web hosting firm Network Solutions on Friday announced that, despite its being PCI compliant, a breach had compromised approximately 573,928 individuals’ credit card information.

…..

Approximately 4,343 e-commerce websites were affected by the breach. Network Solutions could not disclose which merchants were affected but said the victimized merchants sell a wide variety of merchandise and are primarily small businesses.

via Network Solutions was PCI compliant before breach – SC Magazine US.

PCI breaches shed light on cloud security – Network World

Credit card numbers compromised in an attack against Web hosting provider Network Solutions expose one of the security problems faced by cloud computing. The company says its infrastructure complied with payment card industry PCI standards when the data was possibly stolen via software installed on its servers.

via PCI breaches shed light on cloud security – Network World.

Two Credit Companies offer to pay breach fines – SC Magazine US

Two credit-card payment processors are offering to cover merchants’ fines and penalties in the event of a data breach.

However, the two companies, Heartland Payment Systems and Mercury Payment Systems, have different requirements that must be met before a merchant would qualify for coverage.

via Companies offer to pay breach fines – SC Magazine US.

Doctor and Two Former Hospital Employees Plead Guilty to HIPAA Violations

Dr. Holland, Medical Director of Select Specialty Hospital, located on the 6th floor of the St. Vincent Infirmary Medical Center (SVIMC), admitted that after watching news reports on television, he logged on to the SVIMC patient records from his computer at home and accessed a patient’s files to determine if the news reports were accurate. He stated he then logged off the computer, admitting that it was inappropriate for him to be looking at the file. He admitted he accessed the file because he was curious. Dr. Holland stated that he had had HIPAA training and that he understood he was violating HIPAA when he accessed the file. SVIMC suspended Dr. Holland’s privileges for two weeks and required him to complete on-line HIPAA training.

via Media-Newswire.com – Press Release Distribution – PR Agency.

Is IT Risk Management Compatible With ERM?

But in spite of these warnings, my conversations with enterprise risk and IT risk professionals still reveal many disconnects, including that IT risks are not measured consistently with other enterprise risks. In addition, many IT risk professionals do not see their biggest risks showing up on the corporate risk register.

via The Forrester Blog For Security & Risk Professionals.

Kaiser hospital hit with another fine for privacy violation – FierceHealthIT

The California Department of Public Health issued an administrative penalty of $187,500 this week against the facility after concluding that the hospital didn’t do enough to protect patient health information. Bellflower Hospital was previously slapped with a $250,000 fine in May for violations taking place in mid-March during Nadya Suleman’s inpatient stay.

via Kaiser hospital hit with another fine for privacy violation – FierceHealthIT.