Jan 02 2023

3 important changes in how data will be used and treated

Category: Data Breach,Data mining,data securityDISC @ 11:51 am

Regula has presented their vision of the developments that will shape the industry’s landscape in 2023. Deepfakes, new cyber-hygiene norms, and demand for mature ID verification platforms are among some of the predictions for the next year.

While more and more industries move their customer experiences to digital, online identity verification is becoming an essential part of our life. It lets people cope with all sorts of mission-critical activities online: opening bank accounts, applying for benefits, getting insurance payouts, and even getting medical advice.

Still, the security of the digital IDV process is the number one concern that is forming the industry’s landscape and driving the majority of significant changes.

Javelin Strategy & Research reports that in 2022, identity fraud and scams cost $52 billion and affected over 42 million people in the US alone. The rising number of identity fraud cases, along with fraudsters’ hunger for personal information collected by service providers, will lead to three important changes in how data will be used and treated:

  • Even industries that are not so heavily regulated will invest more in the ID verification process, adding extra security layers. There will be more checks with increased complexity and additional steps in the verification process: biometric checks, verifying IDs, SMSs, and passwords, checking recent transactions, etc.
  • This will lead to prioritization of comprehensive liveness checks to make sure that submitted documents are valid and really exist. An ID document contains various security features: holograms, elements printed with optical variable inks, and biometric data, to name a few, and an image of it should be taken using methods so that these elements can be captured and verified.
  • Regula experts expect to see a push from users for more data protection rules, and for more transparency from online businesses. In the wake of multiple public disclosures of data leaks, users are gradually losing trust in how their data is treated and becoming more cautious about what they share with third parties and how. Addressing this trend, companies will attempt to bring that trust back via increased investments in customer data protection measures.

When it comes to more complex identity fraud cases related to synthetic media like deepfakes, experts expect to see a rise in amateur scam attempts along with the emergence of next-gen biometric-related fraud.

Both trends are developing in parallel and are powered by the same factor: the growing maturity and availability of machine-learning based technologies that make it possible to fake photos, videos, voices, and other characteristics previously considered unique.

Based on the opinion of Regula experts, all these trends will lead to a market that is developed enough to embrace mature end-to-end IDV solutions that are capable of not only verifying documents, but also biometric characteristics, like face, voice, and fingerprints.

“The good news is that minimal security measures are currently enough to repel 95% of possible attacks. The remaining 5% is where the difficulties lie. Now, most deepfakes are created for free, and they’re of such a quality that there’s no immediate danger. But that’s a matter of how many resources fraudsters will be willing to invest. At the moment, when they’re ready to spend significant amounts of money per deepfake, it’s a problem that requires interactive multi-layered protection. So if we picture the trends above as a scale, where convenience for the customer is on one end and security on the other, the balance is shifting to the latter,” notes Ihar Kliashchou, CTO at Regula.

In relation to this year’s trending topics — digital identity and decentralized identity — the company’s experts have their own take on that:

  • In the ideal world, a universal digital identity would help eliminate most of the issues with fake identities. However, in reality, creating and gaining broad acceptance and implementation of a secure single source of truth is going to take a significant amount of time. Still, we’re already seeing more different local and even company-based digital identities trying to become a single source of truth on a local level.
  • The idea of decentralized identity is going to be held back for some time. With the benefit of being built on blockchains and allowing users to control their digital identifiers, this system still comes with weaknesses. Since no one controls it centrally, no one will be responsible for it in case of any problems. Additionally, there is the matter of trust. Blockchain is strongly associated in people’s minds with crypto, and the FTX crash that has happened in the last couple of months has undermined people’s trust in it.


Infosec books
 | InfoSec tools | InfoSec services

Tags: data security


Dec 08 2022

Don’t Sell Your Laptop Without Following These Steps

Before selling or trading in your laptop, it is important to prepare the device for its new owner as this will help ensure all of your personal data remains safe.

In an age when every day, a new version of a laptop with better features, sleek design, and improved performance hits the market, it is no wonder that you also wish to buy a new laptop to achieve excellence in performance and enjoy new features.

You have money, you can buy a new laptop, great! But what about your previous laptop? If you are thinking of selling it, then
stop.

If you think selling a laptop is all about saving your data, finding a seller, and selling it, then you need to think again. It goes beyond this! It is not all about getting a fair price, but also saving your personal information and private data from reaching a stranger – that might cost you a lot if that stranger is fraudulent or malicious.

Before selling or trading in your laptop, it is important to prepare the device for its new owner. This can be done by taking several simple precautions that will help ensure all of your personal data remains safe.

1 Save Your Important Data

It goes without saying that your first step should be keeping a backup of your essential data, including personal and work-related files and folders, containing documents, presentations, emails, plans, strategies, or anything else that you have prepared with so much hard work.

If you don’t want to see your data slipping from your fingers, then this should be your number one step.

You can save your data on a data drive or upload it to a reliable cloud service. Or send them to your own email address (well, this is my favorite way of saving my data!). Do whatever suits you, but saving data is a must before selling your laptop.

However, this can only work if you have a few GB of data. In case you have terabytes of data then owning a workstation from companies like Western Digital (WD) is a good way to go.

2 Delete Passwords Permanently

Nobody wants the passwords of important accounts to get leaked. Full stop! But have you ever thought about how to save your passwords before giving your laptop? What — did you just say you can do it by signing off from all your accounts and deleting history and cookies? Ah, I wish it was really that easy, but it is not. 

Where technology has brought so much ease into our lives, there it has also become a trouble in many ways — like this one. Unfortunately, some software can extract passwords even if you log out from your accounts.

That is where you should act smartly if you don’t want someone to sneak into your Facebook and start sending weird messages through your accounts to your friends. It could trigger so many controversies – eh. So, cut iron with iron.

You can also use apps such as password generators. One such example is the IPVanish password generator which lets users delete passwords permanently from their browsers. If you wish to do that manually, follow these easy steps:

For Chrome browser: First, open Chrome and click on the three-dot menu icon located in the top right corner. Then select “Settings” and click on “Passwords” under Autofill. Here you will find a list of all the websites that have saved credentials, along with their usernames and passwords.

Select an entry to see the details, then click on the three-dot menu icon next to it and select “Remove.” You’ll be asked to confirm by clicking “remove” again; once confirmed all login information for that website will be deleted from your computer. (Read more on Google.)

For Firefox: First, launch the Firefox browser on your device. Then, click the ‘Menu’ icon (three lines in the upper right corner) and select ‘Options’ or ‘Preferences’. In this menu, you will see a section for ‘Logins & Passwords. You can then scroll through all of your saved logins and passwords until you find the one that needs to be deleted.

For Safari Browser: To begin, open up the Safari browser on your computer and click the ‘Safari’ menu at the top left corner. In that menu option, select ‘Preferences’ and then navigate to the ‘Passwords’ tab. (Read more on Mozilla.)

Here you will see a list of all of your stored passwords that have been saved by Safari. To delete one or more of these passwords, simply check off each box next to each entry that you wish to remove and hit delete in the bottom right corner. (Read more on Apple.)

3 Format the Drive

Have you saved your important data? Great! Now, what about data that is still on your laptop? Obviously, you can’t leave it like this for others to see your private information and confidential data. No, just deleting data files and clearing Recycle Bin or Shift + Delete might not work. It can still keep the issue of data leakage and privacy breaches there. 

In this condition, most people go for drive formatting that cleans up your laptop and makes it data free. However, this method works if your files are overwritten and you are using a solid-state drive (SSD) with TRIM enabled.

With HDD or TRIM disabled, you would have to overwrite the hard drive if you don’t want cheap software to recover your data – yes, even after formatting. It is very easy to recover a permanently deleted file through even cheap software. So, be safe than sorry!

4 Prepare Your Laptop for Selling

Once you are done saving your information, next, it is time to prepare your laptop for sale at a good price. The price of your gadget also depends on its model, functionalities, current market price, and a lot more. However, improving the outer condition, and speed, upgrading Windows, and enhancing the memory storage can enhance the price of your laptop. 

So, work on the following things to get good bucks:

  • First, install the latest Windows to make your buyer happy. You can vow anyone with the latest functionalities already installed on the laptop, so that person wouldn’t have to go through all the trouble. It is a good chance to impress a buyer.
  • Second, work on the speed of the laptop. Half of the work is already done when you delete files and data. So, reset the laptop to speed it up.
  • Clean up your laptop, please. Don’t take your laptop to a buyer with all the lint or dust trapped between keys and scratches on the screen. You can remove lint or dust with a brush and change the screen cover. This simple work can make a lot of difference.
  • Lastly, visit a laptop expert and ask for a thorough inspection so that you can rectify if there are any internal faulty parts.

Don't Sell Your Laptop Without Following These Steps

PROFESSIONAL HARD DRIVE ERASER 32/64Bit Professional Edition – Wipe your Hard Drive Securely for for ALL operating systems

Tags: data erase, data security


Sep 01 2022

List of Data Breaches and Cyber Attacks in August 2022 – 97 Million Records Breached

August 2022 has been a lesson in being careful with whom you provide sensitive information. In a month that saw the former US president accused of misappropriating classified government documents, there were also a spate of malicious insiders compromising their employer’s systems.

Meanwhile, the bastion of password security, LastPass, announced that its systems had been breached – although the organisation is confident that customers’ details remain secure.

In total, we identified 112 publicly disclosed security incidents in August, resulting in 97,456,345 compromised records.

You can find the full list of incidents below, broken into their respective categories.


Contents

Data Breaches

Data Security

Free Basic network and Data Security Awareness

Tags: data breach, data security, infosec breach


Aug 20 2020

5 Common Accidental Sources of Data Leaks

Category: data securityDISC @ 11:39 am

 

5 Common Accidental Sources of Data Leaks – Nightfall AI

How do bad actors gain access to a company’s data? Most of the time, well-meaning everyday people are the real source of data insecurity.

In cybersecurity and infosec, it’s common to assume that criminals are behind all data breaches and major security events. Bad actors are easy to blame for information leaks or account takeovers, because they’re the ones taking advantage of vulnerabilities in systems to worm their way in and cause massive damage. But how do they gain access in the first place? Most of the time, well-meaning everyday people are the real source of data insecurity.

A study of data from 2016 and 2017 indicated that 92% of security data incidents and 84% of confirmed data breaches were unintentional or inadvertent. Accidental data loss continues to plague IT teams, especially as more organizations are rapidly moving to the cloud. While it’s important to prioritize action against outside threats, make sure to include a strategy to minimize the damage from accidental breaches as well.

This list of five common sources of accidental data leaks will help you identify the problems that could be lurking in your systems, apps, and platforms. Use these examples to prepare tighter security controls and keep internal problems from becoming major issues across your entire organization.

Source: 5 Common Accidental Sources of Data Leaks – Nightfall AI




Tags: Data Leaks, data loss prevention, data privacy, data ptotection, data security


Jan 31 2019

The biggest ever data dump just hit a colossal 2.2 billion accounts

Category: data security,Security BreachDISC @ 11:12 am

  • Data Security
  • Thought Collection #1 was big? Collection #2-5 just dwarfed it

    Source: The biggest ever data dump just hit a colossal 2.2 billion accounts





    Tags: Data dump, data privacy, data security


    Sep 27 2017

    Data flow mapping under the EU GDPR

    Category: data security,GDPR,Security ComplianceDISC @ 8:56 am

    As part of an EU General Data Protection Regulation (GDPR) compliance project, organisations will need to map their data and information flows in order to assess their privacy risks. This is also an essential first step for completing a data protection impact assessment (DPIA), which is mandatory for certain types of processing.

    The key elements of data mapping

    To effectively map your data, you need to understand the information flow, describe it and identify its key elements.

    1. Understand the information flow

    An information flow is a transfer of information from one location to another, for example:

    • From inside to outside the European Union; or
    • From suppliers and sub-suppliers through to customers.

    2. Describe the information flow

    • Walk through the information lifecycle to identify unforeseen or unintended uses of data. This also helps to minimise what data is collected.
    • Make sure the people who will be using the information are consulted on the practical implications.
    • Consider the potential future uses of the information collected, even if it is not immediately necessary.

    3. Identify its key elements

    Data items

    • What kind of data is being processed (name, email, address, etc.) and what category does it fall into (health data, criminal records, location data, etc.)?

    Formats

    • In what format do you store data (hardcopy, digital, database, bring your own device, mobile phones, etc.)?

    Transfer method

    • How do you collect data (post, telephone, social media) and how do you share it internally (within your organisation) and externally (with third parties)?

    Location

    • What locations are involved within the data flow (offices, the Cloud, third parties, etc.)?

    Accountability

    • Who is accountable for the personal data? Often this changes as the data moves throughout the organisation.

    Access

    • Who has access to the data in question?

     

    The key challenges of data mapping

    • Identifying personal data Personal data can reside in a number of locations and be stored in a number of formats, such as paper, electronic and audio. Your first challenge is deciding what information you need to record and in what format.
    • Identifying appropriate technical and organizational safeguards The second challenge is likely to be identifying the appropriate technology – and the policy and procedures for its use – to protect information while also determining who controls access to it.
    • Understanding legal and regulatory obligations Your final challenge is determining what your organisation’s legal and regulatory obligations are. As well as the GDPR, this can include other compliance standards, such as the Payment Card Industry Data Security Standard (PCI DSS) and ISO 27001.Once you’ve completed these three challenges, you’ll be in a position to move forward, gaining the trust and confidence of your key stakeholders.

     

    Data flow mapping

    To help you gather the above information and consolidate it into one area, Vigilant Software, a subsidiary of IT Governance, has developed a data flow mapping tool with a specific focus on the GDPR.

     

    Order Today

     





    Tags: data flow mapping, data privacy, data security, gdpr


    Jun 19 2015

    Cyber Resilience Best Practices

    Category: Cyber Insurance,cyber security,CybercrimeDISC @ 11:07 am

    Cyber Resilience

    Cyber Resilience

    RESILIAℱ Cyber Resilience Best Practices

    AXELOS’s new guide RESILIAℱ Cyber Resilience Best Practices provides a methodology for detecting and recovering from cyber security incidents using the ITIL lifecycle

    RESILIAℱ Cyber Resilience Best Practices

    Best guide on Cyber Resilience on the web – Cyber Resilience Best Practices
    is part of the AXELOS RESILIAℱ portfolio.

    RESILIAℱ Cyber Resilience Best Practices is aimed at anyone that is responsible for staff or processes that contribute to the cyber resilience of the organization.

    The methodology outlined in this manual has been designed to complement existing policies and frameworks, helping create a benchmark for cyber resilience knowledge and skills.

    • Designed to help organizations better prepare themselves to deal with the increasing range and complexity of cyber threats.
    • Provides a management approach to assist organizations with their compliance needs, complementing new and existing policies and frameworks.
    • Developed by experts in hands-on cyber resilience and systems management, working closely with subject and technology experts in cyber security assessment.
    • Supports the best-practice training and certification that is available to help organizations educate their staff by providing a defined benchmark for cyber resilience knowledge and skills.
    • Aligned with ITILÂź, which is the most widely accepted service management framework. The best practice is equally suitable for organizations to adopt within other systems, such as COBITÂź and organization-specific frameworks.

     

    Target market

     

    • Managers who are responsible for staff and processes where cyber resilience practices are required – for example those processing payment card information, sensitive commercial data or customer communications.
    • IT service management teams, IT development and security teams, cyber teams and relevant team leaders that operate the information systems that the organization relies on.
    • IT designers and architects, those responsible for the design of the information systems and the controls that provide resilience.
    • The chief information security officer (CISO), the chief security officer (CSO), IT director, head of IT and IT managers.

     

    Buy this guide and gain practical guidance on assessing, deploying and managing cyber resilience within business operations.
    RESILIAℱ Cyber Resilience Best Practices





    Tags: Chief Information Security Officer, CISO, Computer security, CSO, cyber crime, Cyber Defence, Cyber Insurance, Cyber protection, Cyber Resilience, cyber security, Cyber Security countermeasures, Cyber Security Safeguards, cyber threats, data security, Information Security, Information Technology Infrastructure Library, ISO, iso 27001, iso 27002


    Aug 22 2014

    Do it yourself solution for ISO27001 implementation

    Category: ISO 27kDISC @ 3:16 pm

    DoItYourself

    ISO 27001 Do It Yourself Package

    This is the do-it-yourself solution for ISO27001 implementation

    Cyber crime is increasing exponentially, and this trend will continue as more business activities move online and more consumers connect to the Internet. ISO/IEC 27001 is the only international information security management Standard that can help your organization protect its critical data assets, comply with legislation and regulations, and thrive as customer confidence in its data security practices increases.

    This package is aimed at organisations that have substantial management system expertise (with ISO9001, or ISO20000, for instance) and an understanding of information security management, as well as the necessary available internal resources and a corporate culture of keeping overall external costs down by following a do-it-yourself approach to project management.

     

    This package does not include certification fees which are paid directly to the certification body.

     

    The ISO 27001 do-it-yourself package contains:

    • The ISO 27001:2013 Standard, which details the requirements against which you will be audited.
    • The ISO 27002:2013 Standard, which is the code of practice that provides supports for the implementation of information security controls for ISO27001.
    • The ISO 27000:2014 Standard, which contains the terms and definitions referenced in ISO27001.
    • IT Governance – An International Guide to Data Security and ISO27001/ISO27002, which details how to design, implement and deliver an Information Security Management System (ISMS) that complies with ISO27001.
    • Nine Steps to Success – An ISO 27001 Implementation Overview, which outlines the nine critical steps that mean the difference between ISO27001 project success and failure.

    The standards set out the requirements for best-practice information security management. The implementation manuals provide you with detailed implementation advice based on practical experience, which you can access in your own time and at your own pace.

    Based on your needs, you may also need: ISO27001-2013 Gap Analysis Tool




    Tags: Corporate governance of information technology, data security, Information Security, Information Security Management System, International Organization for Standardization, isms, ISO/IEC 27001, Risk Assessment


    Jul 21 2010

    Data Breach and Legislation: What’s Coming Your Way?

    Category: Information SecurityDISC @ 11:34 am
    From wired: data breaches
    Image by Agathe B via Flickr

    Prepare now to prevent a ‘security breach’: 45 states and the District of Columbia have laws spelling out procedures when personal information has been … article from: New Hampshire Business Review

    By David Scott

    It’s rather interesting to monitor what’s happening in the UK right now. Data protection legislation is moving forward. And
 business there supports data protection legislation.

    A survey of 1200 businesses indicates that those businesses are concerned about the strength of laws: Nearly 50% feel that laws are weak and require revision, and 87% believe that organizations should be required to divulge breaches of sensitive content where information about the public is involved. [Source: Sophos].

    Here in the U.S., I rather doubt business is keen on more legislative oversight. Generally speaking, I’m wary of new legislation – new laws must be thoroughly reviewed so as to guard against unintended – and negative – consequences, particularly where business is concerned. In today’s economy, we don’t want to impinge businesses’ opportunities for hearty conduct and growth.

    However, I do like the breach notification idea. It serves a couple purposes that come readily to mind:

    – Stakeholders (the public, customers, allied agencies
) are entitled to know about breaches that affect them, or ones that just have the potential to affect the general well-being of the business.

    – Also, healthy exposure and just that potential help to motivate businesses in the currency of their ongoing security measures.

    Particularly for small/medium business, and smaller government agencies such as those at county/municipality level: Do you have in-house security professionals who cast the horizon for new threats, with attendant posture of proactivity? And, do you have strong security partners in the form of advisors, vendors and allied security products?

    How do readers of the Exchange feel about it? Would you welcome new legislation? Are you confident regarding data security in your organization?




    Tags: Data, data breach, data security, Information Privacy, security legislation


    Nov 19 2009

    Health Net healthcare data breach affects1.5 million

    Category: hipaa,Security BreachDISC @ 2:10 pm

    Health Net, Inc.
    Image via Wikipedia


    Here we have another unnecessary major security breach in a large healthcare organization which resulted in a loss of patient data demonstrating poor baseline security. They clearly are not ready for the new HIPAA provision ARRA and HITECH. Review my threats page and evaluate your current business and system risks to make sure this does not happen to you.

    Contact DISC for any question or high level risk assessment.

    The Practical Guide to HIPAA Privacy and Security Compliance

    By Robert Westervelt, News Editor
    19 Nov 2009 | SearchSecurity.com

    Health Net Inc. announced Wednesday that it is investigating a healthcare data security breach that resulted in the loss of patient data, affecting 1.5 million customers.

    The Woodland Hills, Calif.-based managed healthcare provider said the lost files, a mixture of medical data, Social Security numbers and other personally identifiable information, were collected over the past seven years and contained on a portable external hard drive, which was lost six months ago. The company said the healthcare data was not encrypted, but was formatted as images and required a specific software application to be viewed. The hard drive contained data on 446,000 Connecticut patients.

    The company reported the breach Wednesday to State Attorneys Generals offices in Arizona, Connecticut, New Jersey and New York. Health Net said it was beginning the data security breach notification process of sending out letters to its customers. The company said it expects to send notification letters the week of Nov. 30.

    Connecticut Attorney General Richard Blumenthal said he was investigating the matter and why it took Health Net six months to report the healthcare breach.

    “My investigation will seek to establish what happened and why the company kept its customers and the state in the dark for so long,” Blumenthal said in a statement. “The company’s failure to safeguard such sensitive information and inform consumers of its loss — leaving them naked to identity theft — may have violated state and federal laws.”

    Blumenthal said the hard drive also contained financial data, including bank account numbers. He is seeking coverage for comprehensive, long-term identity theft protection for those customers affected by the breach.

    Health Net provides medical coverage for approximately 6.6 million people and its subsidiaries operate in all 50 states. In a statement, the company said the breach took place in its Connecticut office. So far there have not been any reports of fraud tied to the missing data..

    “Health Net will provide credit monitoring for over two years – free of charge – to all impacted members who elect this service, and will provide assistance to any member who has experienced any suspicious activity, identity theft or health care fraud between May 2009 and their date of enrollment with our identity protection service,” the company said.

    It is the second time in a month that a healthcare provider lost customer data. Anthem Blue Cross and Blue Shield of Connecticut reported a stolen laptop was to blame for a breach compromising the personal information of 850,000 doctors, therapists and other healthcare professionals.

    Security experts have long been advocating that enterprises deploy encryption on laptops and other devices that contain sensitive data. Still, all the technology in the world won’t end employee mistakes and carelessness, said Mike Rothman an analyst with Security Incite.

    “You can do full disk encryption and all sorts of things to protect the device, but you are still fairly constrained by user sophistication,” Rothman said. “You have to start asking questions from a process standpoint relative to why this stuff was on an external drive in the first place.”

    In reality you could turn off all USB ports on your devices, but that could hinder employee productivity, Rothman said. Security always gets back to making sure you have the right processes and policies in place and the right training and awareness so that employees understand what those policies are and ways to audit those processes, he said.

    Experts say encryption should be used as a last resort when all other security policies and processes fail. While many enterprises have focused on encrypting laptops at the endpoint, encryption can be a bit trickier for portable hard drives and other removable media. If the drive is being shared between different systems people need to have some way to access the key, said Ramon Krikken, an analyst at the Burton Group.

    “A lot of these portable hard drives are older without built-in encryption and to the extent to which you can easily deploy encryption has been a challenge for enterprises,” Krikken said.

    Some USB makers market the devices with built-in encryption software. In 2008, Seate Technology extended full disk encryption technology to all its enterprise-class hard drives. The company also began pushing for standards for hard drive encryption in storage systems.

    Nagraj Seshadri, head of product marketing at Utimaco the encryption software division of Sophos Plc, said healthcare organizations need to be just as responsible as financial firms when it comes to protecting data.


    Perhaps healthcare management still doesn’t realize that they might be potentially liable for lack of reasonable safeguards to protect organization assets. Do you think it’s time for healthcare management to take information security seriously as a potential business risk?

    Reblog this post [with Zemanta]




    Tags: arra and hitech, data loss prevention, data security, disk encryption and file encryption, Health care, Health Insurance Portability and Accountability Act, Identity Theft, identity theft and data security breaches, Personally identifiable information, Security, security awareness training


    Nov 06 2009

    Laptop Heist Exposes Doctors’ Personal Data

    Category: hipaa,Security BreachDISC @ 6:50 pm

    doctor

    Another stolen laptop puts thousands of people’s personal data at risk but this time it’s the caregivers — not the patients — who are at risk.

    November 6, 2009
    By Larry Barrett:

    More than 10,000 physicians’ and dentists’ personal data was exposed last week in New Hampshire after an employee at Anthem Blue Cross and Blue Shield transferred the health care providers’ Social Security numbers and other data to a personal laptop that was later stolen.

    Anthem spokesman Christopher Dugan said the security breach took place at the national level and the files did not include any patients’ personal data.

    The Blue Cross Blue Shield Association said the employees’ ill-fated decision to transfer the sensitive information to a personal laptop violated the insurer’s security policies.

    Just last week, more than 33,000 patients receiving care from a Daytona Beach, Fla. medical center were notified that their data may have been compromised when a laptop was stolen from an employee’s car.
    New Hampshire is one of 43 states that require companies and organizations to notify people when their personal or financial information is accidentally or deliberately compromised.

    Anthem officials said it will provide free credit-monitoring services to all the affected physicians and dentists for a year.

    It’s not been the best of months for the insurer.

    On Oct. 5, Blue Cross warned another 39,000 doctors that a yet another laptop stolen from the company’s Chicago headquarters could have potentially exposed an assortment of personal information including Social Security numbers and tax identification numbers.
    A Ponemon Institute by Traverse City, Mich.-based data security researcher Ponemon Institute estimates that more than 12,000 laptops are stolen or lost at airports alone each week.

    It also found that the average large company has 640 laptops, 1,985 USB memory sticks, 1,075 smart phones and 1,324 other various data devices stolen or lost each year — ;a total of 800,000 data-sensitive memory devices a year.

    Reblog this post [with Zemanta]




    Tags: arra and hitech, crime, data breach, data security, Health Insurance Portability and Accountability Act, hipaa, laptop, Physician, Security, stolen laptop