Tenable developed the Passive Vulnerability Scanner PVS to complement its other market leading active network scanner, Nessus. Where Nessus allows organizations to audit networks for known vulnerabilities, conduct full patch and configuration and compliance audits at a point in time, Tenable’s PVS allows organizations to continuously monitor the same network by analyzing network traffic 24×7 and provide real-time updates to Tenable’s SecurityCenter on new devices, applications running on those devices and known vulnerabilities associated with those devices.
via Tenable Network Security Awarded U.S. Patent for Network Monitoring Technology – Technology | Centre Daily Times – State College, PA | Penn State, Nittany Lions, weather, news, jobs, homes, apartments, real estate.
The OCR, which enforces the HIPAA Privacy and Security Rules, opened its investigation of RAC after television media videotaped incidents in which pharmacies were shown to have disposed of prescriptions and labeled pill bottles containing individuals’ identifiable information in industrial trash containers that were accessible to the public. These incidents were reported as occurring in a variety of cities across the United States. Rite Aid pharmacy stores in several of the cities were highlighted in media reports.
via Rite Aid Agrees to Pay $1 Million to Settle HIPAA Privacy Case – MarketWatch.
If the past week is any indication and I’m afraid it is, health care companies are doing an abysmal job at protecting personal health care data.This evening the Colorado Department of Health Care Policy and Financing announced that state officials discovered an unauthorized removal of a computer hard drive from the state’s Office of Information Technology Department: The information did NOT include addresses, dates of birth, social security numbers or any other financial information that could be used for identity theft. It included name, state ID number and the name of the client’s program. Approximately 111,000 clients, or one-fifth of those receiving public health insurance, will receive notification by first-class mail, as required by HIPAA.
via Healthcare Breaches Spin Out Of Control – Security Blog – InformationWeek.
This week Visa Inc. said it’s going to reduce unnecessary storage of sensitive card information in merchant payment systems. Specifically, Visa is clarifying that existing operating regulations ensure acquirers and issuers allow merchants to present a truncated, disguised or masked card number on a transaction receipt for dispute resolution in place of the full 16-digit card number.
“By reducing the amount of vulnerable data in merchant systems that must be protected from compromise, merchants can see greater security as well as more streamlined compliance needs,” said Visa’s Eduardo Perez, head of global payment system security, in a statement.
via Visa Clarifies Security Rules.
Connecticut Attorney General Richard Blumenthal has announced that his office has reached a settlement with health insurance company Health Net over a failure to secure patient information on almost a half-million state enrollees, and subsequent failure to promptly notify consumers about the breach. The settlement involves Health Net of the Northeast Inc., Health Net of Connecticut Inc., and parent companies UnitedHealth Group Inc. and Oxford Health Plans.
via DOTmed.com – Connecticut AG reaches agreement with Health Net over data breach.
A California hospital will fire five employees and discipline another because they posted personal discussions concerning hospital patients using social media.An ongoing investigation at Tri-City Medical Center in Oceanside “has not yet identified any evidence that patient names, photographs, or similar identifying information was posted by these employees,” according to a statement from Larry Anderson, CEO. “But our investigation yielded sufficient information to warrant disciplinary action.”
via 5 Fired For Social Media Use.
The federal law known as HIPAA that is meant to protect the privacy of patients “specifically allows medical centers to use patient information for fundraising activities,” The Seattle Times reports. “Information about diagnosis or treatment is off-limits, but federal and state laws allow hospitals, in most cases, to use a patient's name, address, contact information, dates of hospital service, gender, age and insurance status in fundraising efforts.”
via Patients Question HIPAA Provision That Allows Use Of Patient Data For Fundraising.
Washington last week became the third state to pass legislation that will allow banks to recover certain costs and damages from retailers and credit card processors that suffer data breaches after failing to comply with current Payment Card Industry (PCI) standards.
The law, which goes into effect on July 1 in Washington, follows similar laws passed in the states of Minnesota and Nevada and marks a fundamental change in the way government and private sector industries assign responsibility and accountability for preventing identity theft.
via New Law Lets Banks Recover Data Breach Costs – www.esecurityplanet.com.
My office is investigating allegations that a radiologist formerly affiliated with Griffin Hospital improperly accessed the medical information of almost 1,000 of the hospital’s patients,” Blumenthal said in a prepared statement
via Blumenthal Investigating Griffin Hospital Information Breach | Connecticut Watchdog.
But state health authorities have discovered an unknown number of unidentified people have keys to locked bins at the hospital where patient information sheets are deposited for shredding.
UMC officials did not know who had keys to the bins, nor how many had been issued
via Hospital can’t account for keys to bins of patient records for shredding – Friday, March 19, 2010 | 2:01 a.m. – Las Vegas Sun.