Tag Archives: state

New proposed regulations in the US #Compliance #GRC

New legislation continues to pass at a fast clip in the US under the new administration, some of the most revealing actions taken so far include:

more at The Forrester Blog For Security & Risk Professionals.

TJX Agrees To Pay States Almost $10 Million For Data Breach #PCI

After a probe and negotiations lasting two and a half years, the TJX chain agreed on Monday (June 22) to pay a group of 41 U.S. states $9.75 million for what appears to be the credit card industry’s worst data breach, a crime that touched more than 100 million payment cards and was revealed in January 2007.

via StorefrontBacktalk » Blog Archive » TJX Agrees To Pay States Almost $10 Million For Data Breach.

300 companies were victimized by the same hacker as Heartland

Carr also believes that the vast majority of breaches go unreported. He says that around 300 companies were victimized by the same hacker as Heartland, but that most have never come forward. He points to loopholes in the state laws meant to protect consumers in the event of a data breach as the reason.

via Heartland Gets Religion on Security – Digits – WSJ.

Pharmacy pays fine for jeopardizing patient information

Indianapolis – A local drug store has agreed to punishment for jeopardizing the private information of its customers.

13 Investigates found the problem in a dumpster loaded with patient records three years ago at Low Cost Pharmacy on the south side. Monday, the owner of the small drug store chain reached a settlement with the state pharmacy board.

via Pharmacy pays fine for jeopardizing patient information – WTHR | Indianapolis.

No Charges To Be Filed On Dumped Medical Records

Interesting twist – was wondering who they would file charges against – the doctor is dead.

Chattanooga Police said no charges will be filed in connection with the dumping of medical records at a local recycling center more than two weeks ago.

After consulting with the Tennessee State Medical Board, the city attorney’s office, the district attorney’s office and the U.S. attorney’s office, no charges will be filed against the estate of deceased cosmetic surgeon John Franklin, officials said.

The records were discarded on May 16 when a family member of Dr. Franklin cleared out a home storage area where the medical records were held following Dr. Franklin’s death.

via 6/2/2009 – No Charges To Be Filed On Dumped Medical Records – Breaking News – Chattanoogan.com.

Kaiser Fined $250,000 for Violating Octomom’s Privacy

The state of California is fining Kaiser Permanente $250,000 for violating patient privacy laws, two months after the hospital disclosed that several of its workers

via Kaiser Fined $250,000 for Violating Octomom’s Privacy – Momlogic – Yahoo! Buzz.

FISMA Efficacy Questioned – Federal CIO Vivek Kundra

Recent breaches at the Federal Aviation Administration and at the vendor that hosts USAjobs.gov demonstrate that the state of federal information security is not what citizens should expect, federal CIO Vivek Kundra testified before the House Committee on Oversight and Government Reform’s Subcommittee on Government Management, Organization and Procurement. He said the seven-year-old Federal Information Security Management Act has raised agencies’ awareness of information security but suggested it has outlived its usefulness.

via FISMA Efficacy Questioned.

Dumped Tenn. medical files belonged to late doctor

Hundreds of medical records dumped at a Chattanooga recycling center belonged to a deceased plastic surgeon who once worked at five area hospitals, according to health officials.

Police were called Saturday when two recycling center customers noticed forms that police said contained medical and financial information from patients. Police collected the records and secured them because the information is believed to fall under federal law protecting patient privacy.

via Dumped Tenn. medical files belonged to late doctor :: WRAL.com.

SAS 70 audits and PCI DSS: Four critical keys for cost-effective compliance

SAS 70 audits and PCI DSS assessments are fast becoming two of the most widely recognized and “must have” compliance initiatives for many businesses in today’s growing regulatory environment. Sarbanes-Oxley, HIPAA, and other federally mandated legislative acts have pushed Statement on Auditing Standards No. 70 (SAS 70) into the forefront of compliance. Similarly, Payment Card Industry Data Security Standard (PCI DSS) assessments have also become a widespread compliance mantra affecting thousands of businesses across the globe. And as with any compliance mandate, particularly SAS 70 and PCI DSS, an enormous amount of time and effort is required for achieving overall success.

via SAS 70 audits and PCI DSS: Four critical keys for cost-effective compliance | IT Leadership | TechRepublic.com.

Air traffic systems vulnerable, IG states

An audit of the Web applications connected to air-traffic control networks found hundreds of critical vulnerabilities in the software and documented dozens of cyber incidents that continue to be unresolved, auditors stated in a report to the Federal Aviation Administration released this week.

During the investigation, auditors from the Office of the Inspector General for the U.S. Department of Transportation and accounting firm KPMG found 763 high-risk security issues in the Web servers set up to deliver information to the public and to FAA employees. The investigation also discovered more than 3,000 other vulnerabilities, according to the report (pdf). The vulnerabilities include incorrectly configured Web applications and software with known security issues that were not regularly patched.

via Air traffic systems vulnerable, IG states.