Data Breaches Involving Business Associates
According to data on OCR’s website, there have been 292 breaches affecting 500 or more individuals since September 2009. Business associates have been involved in 57, or about 20%, of those breaches.
via OCR Deciding Whether To Run HIPAA Audits on Business Associates – iHealthBeat.
The 25 most used passwords? seinfeld, password, winner, 123456, purple, sweeps, contest, princess, maggie, 9452, peanut, shadow, ginger, michael, buster, sunshine, tigger, cookie, george, summer, taylor, bosco, abc123, ashley, bailey
via Analysis of passwords in Sony security breach.
As Sony deals with their most recent data breach of one million passwords, we look at the the largest data loss incidents on record
via Largest data breaches of all time.
Smaller merchants tend to rely on their acquirer or independent sales organization (ISO) to initiate PCI DSS compliance validation. Without directive or enforcement of such initiatives, many will forgo basic steps to protect their networks and their customers’ cardholder data because they feel they do not have the time or the proper resources, or they’re just not aware of the requirement, the survey found.
via Infosecurity (USA) – Small merchants make up lion’s share of credit card breaches.
The federal list of major health information breaches that have occurred since September 2009 included 249 incidents affecting nearly 8.3 million individuals as of Tuesday. But the total number affected could surpass 10 million once details about the recent Health Net breach are added.
via Health Breach Tally Hits 8.3 Million.
According to a survey recently unveiled by the Ponemon Institute, a new factor is driving adoption of encryption technologies by merchants. For the first time in the six years of the U.S. Enterprise Encryption Trends survey, more businesses emphasized the meeting of PCI DSS requirements as a factor for adopting encryption technology. Previously the primary motivation to adopt data security technologies was to protect against security breaches.
via PCI Compliance Concerns Driving Adoption of Encryption.
Electronically protected health information (ePHI) has become a target for malicious attack, according to a recent report by Redspin, Inc., a provider of HIPAA risk analysis and IT security assessment services. The report was conducted between August 2009– when the HITECH breach notification interim final rule (IFR) went into effect—and the end of 2010.
via Report: More than 6M affected since breach notification rule.
Health insurance giant Health Net has been fined by the state of Vermont over the insurer’s loss of a portable disk drive that exposed the protected health information (PHI) of 1.5 million people, including 525 Vermonters.
via Health Net Fined $55K for Data Breach.
People are always asking me why complying with the PCI standards is important as in, “What’s in it for my company?” So I thought I would take a known, documented breach and walk through where PCI compliance would have made a difference
via Anatomy Of A Breach « PCI Guru.