Tokenization Vs. End to End Encryption #PCI
A recent study conducted by PriceWaterhouseCoopers on behalf of the Payment Card Industry Security Standards Council shows that end to end encryption and tokenization are the top choices for companies seeking to employ new emerging technologies to protect payment card and other critical data. And both approaches have their public proponents, including Heartland Payment Systems [...]
Call centre data standards ‘routinely ignored’ #PCI
More than 95% of call centres were found to store customers’ credit card details in recordings of phone conversations in breach of industry rules, according to a survey conducted by a call recording technology company.
Veritape said that when it talked to 133 call centre managers, only 39% of them knew about industry rules against the [...]
Study Finds Protecting Credit Card and Patient Data Drives IT Spending Yet Most Organizations Still at Risk | Reuters
Study Finds Protecting Credit Card and Patient Data Drives IT Spending Yet Most Organizations Still at Risk Less than half encrypt backup tapes, full disks and databases while nearly 20 percent said they would wait for a data breach before they encrypt tapes
via Study Finds Protecting Credit Card and Patient Data Drives IT Spending Yet [...]
HEARTLAND Lawsuit filed #PCI
Months before announcing the Heartland Payment Systems (HPY) data breach, company CEO Robert Carr told industry analysts that the Payment Card Industry Data Security Standard (PCI DSS) was an insufficient protective measure.
This is a class action lawsuit brought by the FI Plaintiffs,
individually, and on behalf of similarly situated banks, credit unions and
other financial institutions that [...]
Express Scripts: 700,000 notified after extortion – Network World
Nearly one year after being hacked by computer extortionists, pharmacy benefits management company Express Scripts now says hundreds of thousands of members may have had their information breached because of the incident.
Last November, the company reported that someone had threatened to expose millions of customer prescription records, but it has come under criticism for being [...]
The Two Scenarios Coming From The PWC PCI Report
The consultants at PWC began with an analysis of 12 security technologies that emerged from 160 interviews with industry players, and then narrowed the list for their “deep dive” investigation to several that they concluded had the best potential to be automated, could be integrated with existing infrastructures and could have a meaningful potential impact [...]
HHS guts health-care breach notification law, groups warn
However, in an interim final rule published late last month, the HHS introduced a new “harm threshold” for breach notification which critics say completely guts the original intent of the bill. Under the change, health-care entities will be required to publicly disclose breaches involving health-care data only if they think the breach will cause financial [...]
HIPAA.com – HHS Issues Interim Final Rule for HITECH ‘Breach Notification’
HHS Issues Interim Final Rule for HITECH ‘Breach Notification’
U.S. Department of Health and Human Services Secretary, Kathleen Sebelius, has issued the Interim Final Rule for Breach Notification for Unsecured Protected Health Information. The Interim Final Rule was signed by Secretary Sebelius on August 6, 2009, filed at the Federal Register on Wednesday, August 19, [...]
Radisson Hotels reports data breach affecting ‘limited’ number of sites, guests
Radisson Hotels revealed Wednesday that a “limited” number of guests may have had their credit or debit card data stolen, due to a breach of the computer systems at some of the chain’s hotels.
via Radisson Hotels reports data breach affecting ‘limited’ number of sites, guests – Network World.
HHS Issues Rule Requiring Individuals Be Notified of Breaches of Their Health Information
The regulations, developed by the HHS Office for Civil Rights (OCR), require health care providers and other HIPAA covered entities to promptly notify affected individuals of a breach, as well as the HHS Secretary and the media in cases where a breach affects more than 500 individuals. Breaches affecting fewer than 500 individuals will be [...]
