3 Federal Regulatory Data Security Acts Point to State Legislation on the Horizon

What have the feds done for us lately to protect our data security?

1. Weeks ago the FDA stopped the use of a pump for infusion therapy because it could be hacked

2. July’s recall of 1.4 million Chryslers, Dodges & Jeeps because of hacking the auto software

3. The SEC following through on enforcement for insider trading due to a computer hack

Let’s not forget it has also been the year of:

  • student data breaches
  • insurance company data breaches
  • a fear of data security…

TX Chair of the Subcommittee on Information Technology on Data Security

Texas Congressman Hurd, the chairman of the new House Oversight Subcommittee on Information Technology, in an interview with Passcode says:

  • “One of the things that was so egregious to me is that OPM never said, ‘I’m sorry,’”
  • He also “criticized the agency for its failure to be transparent about notifying victims of the breach.”

Key words for business and policy people: transparency & notification.

The Hill: IT lawmaker: ‘Outrageous’ that OPM hasn’t apologized

Trend: Cyber Insurance $20 Billion in insurance premiums.

Insurer Allianz Global Corporate & Specialty offers calculated predictions about cyber security and insurance policies:

  • Cyber security costs the US $108 billion/year
  • By 2025, cyber security insurance will be $20 billion in annual premiums globally
    • In 2015, annual cyber insurance premiums are $2 Billion globally
  • 70% of breaches occur in restaurants
  • To recoup losses after a hack, companies should count on $200 per record that gets compromised.
     

North Bay Business Journal As…

Regulatory Trend: Agency Fines for Failing Policies before Data Breach

Which agency is issuing fines for lacking data security policies? The Securities and Exchange Commission. 

Why is the SEC fining a company? Two reasons:

  1. It failed to have an adequate data security policy in place before it experienced a data breach that exposed financial records of 100,000.
    1. Let’s repeat, the company never adopted written policies and procedures
    2. The company did not conduct periodic risk assessments
    3. The company did not implement a firewall
    4. The company did not…

Federal Government Biometric Data Breach. 5.6 Million Fingerprints Revealed

The federal government data breach not only compromised personal data of 21.5 million former and current federal employees but also compromised 5.6 million fingerprints.

That’s 4.5 million more than initially reported. 

Reuters | Duluth News Tribune | Hackers steal 5.6 million fingerprint records in government data breach

The Consumerist: Federal Data Breach Included 5.6M Compromised Fingerprints, Five Times The Original Estimate 

Health Care Data Breaches top 100 Million in 2015 + 3 more health care data breach stats

  1. A study funded by the data security firm ID Experts found that health care data breaches are up 125% since 2010
  2. In 2015, 100 million health care files were stolen (think: Anthem, Premera, Carefirst breaches)
  3. In 2014, the medical/healthcare sector accounted for the highest percentage of breaches at 42.5% according to the data security firm, IDT911
  4. This year’s largest health care data breach so far is the Premera medical data compromise, which may have exposed 11 million medical records

ABC…

Lege Trend: State Data Security Laws Apply to Insurers. 8 states and counting.

8 states have specifically applied their data breach notification requirements to insurers.

  • California
  • Connecticut
  • Maine
  • New Hampshire
  • Ohio
  • Rhode Island
  • Vermont
  • Washington
  • Wisconsin

The laws vary on these points, but all specifically apply to insurers:

  • who has to be notified
  • when notification has to be given
  • what information triggers a notification
  • what powers an Attorney General has
  • which entities have to provide the notification

JD Supra | Baker Hostetler | State Data Breach…

Data Security Coming to Presidential Campaigns Near You

A security and privacy group of tech-savvy types reviewed presidential candidate websites, and the results are not good if you like security and privacy.

17 of 23 candidates failed according to the Online Trust Alliance, a nonprofit backed by businesses in the tech industry.

Why such a poor showing for data security this campaign season?

  • nonexistent or inadequate privacy policy disclosures
  • they reserve the right to liberally share or sell their donors and site visitors’…

7 Cyber Security Polls

  • 64% of registered U.S. voters believe it is likely that a 2016 presidential campaign will be hacked
  • Who is most qualified to protect the US against a cyber attack?
    • 42% of registered voters surveyed think Hillary Clinton
    • Donald Trump 24%
    • Scott Walker 18%
    • Jeb Bush 15%
  • Which party is better at protecting personal information? 38% say Democrats. 36% say Republicans. But Millennials give Democrats 56%.
  • 56% of registered voters would allow government searching their personal…

3 Recommendations for Health Care Data Security Legislation

The American Society of Clinical Oncology recently told Congress that coordination of care is key to fight cancer.

To support the coordination of care, they recommend the following when considering health care data security legislation:

  • Congress should pass legislation to remove barriers to interoperability, especially information blocking.
  • Policymakers should ensure that cancer patients, oncologists and other oncology providers do not bear the costs of achieving interoperable electronic…