Frustrated, I asked the participants at my last meeting, “If not the PCI standards, then what standard do you want to follow to ensure the security of cardholder data?” Roaring silence.
Dell today announced it has signed a definitive agreement to acquire SecureWorks® Inc., a globally recognized provider of information-security services. SecureWorks’ industry-leading Security-as-a-Service solutions include Managed-Security Services, Security and Risk Consulting Services and Threat Intelligence. The acquisition expands Dell’s global IT-as-a-Service offerings and information security expertise.
People are always asking me why complying with the PCI standards is important, as in, “What’s in it for my company?” So I thought I would take a known, documented breach and walk through where PCI compliance would have made a difference.
Indiana Attorney General Gregory Zoeller has filed a lawsuit against health insurer WellPoint Inc., alleging the company did not notify 32,051 affected consumers in the state of a breach of their protected health information in a timely manner.
The first thing readers will notice when they open PCI Version 2.0 is an expanded section defining PCI scope. Version 2 requires merchants and processors to identify explicitly all the locations and flows of cardholder data annually before they begin their assessment. The specific instructions are to make sure that no data has leaked outside your defined cardholder data environment and, if you find any, that you either eliminate the data or include it in your assessment.
The names, addresses and some health information of 280,000 Medicaid enrollees in Pennsylvania could be at risk after two affiliated managed care organizations reported the loss of a hard drive from a portable computer. The hard drive went missing in the corporate offices of either Philadelphia-based Keystone Mercy Health Plan or Harrisburg-based AmeriHealth Mercy Health Plan, the Philadelphia Inquirer reports. The two companies cover a total of 400,000 Medicaid patients in the state.
In an effort to make cloud solutions more easily available to government agencies, the US General Services Administration (www.gsa.gov) has awarded 11 companies a five-year, government-wide Blanket Purchase Agreement to make Infrastructure as a Service solutions available to all levels of government through the gateway “Apps.gov”.
If there was any doubt about the popularity of electronic dupery, it should be put to rest with a report on global fraud released this week by the risk management consulting firm Kroll. For the first time since 2007, when the company began putting together its annual survey on crime, electronic fraud surpassed physical scams as the most common form of fraud in the world.
Ready for another threat to individual privacy? Less insidious, perhaps, than phishing, but potentially as damaging is a relatively new technique called “scraping.”
Scraping is the practice of trolling social networking sites, message boards and chat rooms looking for personal information that can help firms target the right people with their marketing efforts. And instead of being cloaked in the guise of a Nigerian prince or other shady character, scraping is being sponsored by some big-name, legitimate companies, and it’s starting to find its way into healthcare.
Heartland Payment Systems has agreed to pay $5 million to Discover to settle claims arising from the massive data breach disclosed by the payment processor last year.
In a brief statement on Wednesday, the Princeton, N.J.-based Heartland said the settlement “resolves all issues” between the two companies stemming from the intrusion.