3 Points Informed Intel. Why Hackers Target Healthcare Over All Other Industries.

Hacking incidents by industry:

  • 23% of data breaches occurred in healthcare
  • 18% of data breaches occurred in financial services
  • 16% of data breaches occurred in education

34% of healthcare data breaches are caused by employee error

The average notification timeline after a breach:

  • 69 days to detect the incident
  • 7 days to contain it
  • 43 days to analyze what happened
  • 40 days to notify potentially affected individuals

Health IT Security | Healthcare Data Breaches Most Common in 2015…

INTERIM. 3 Ways 1 State Seeks to Tighten Education Contracts. Student Data Security. Read the Bill. Prepare an Offense. Prepare a Defense.

Which state is making a new move to protect student data? Colorado

What does it mean for education contractors? New Rules. New Data Security Requirements.

3 Key prohibitions in the bill:

  • Prohibits education contractors from selling personally identifiable student information
  • Prohibits use of student information for targeted advertising to students
  • Prohibitions also apply to subcontractors
  • Establishes data security protocols tied to education contractors

CO HB 16-1423

Chalkbeat…

Lege Trend: Shorten Notification Requirements for Business with Data Breaches.

Which state updated its data breach law in March to shorten the timeline for notification? Tennessee

How long do Tennessee businesses with data breaches have for notification? 14 days from discovery or notification of the breach

Is there an exception to the 14 days? Yes, a legitimate law enforcement need

Did Tennessee also expand what triggers a notification? Yes

What new event triggers a notification? When the breach is caused by your own employee

TN SB 2005

JD Supra | Alston &…

Lege Trend: Reworking Agency Data Security. Procurement. Procurement. Procurement.

Which state passed new data security laws in 2016? Wyoming

Were the new laws the result of a breach or a legislative mandate? The result of a 2-year, 4-member Joint Task Force on Digital Information Privacy

What are agencies asked to do? 2 tasks

  • Agencies must review their data collection, handling, security and management.
  • Agencies must assess their stored data and explain why they collected it and whether it really still needs to be stored.

Where does procurement come into…

INTERIM. 2 Points Informed Intel. Regulatory Guidance for Data Security while Government Teleworking. Contracting Opportunities.

What entity released guidelines on teleworking and cyber security? The National Institute of Standards and Technology

What suggestions in the guidelines will direct procurement opportunities?

  • virtual mobile infrastructure technologies
    • that create temporary, secure environments, destroyed when the session is over, for teleworkers who need to access organizational data

  • mobile device management technology
    • technology to force devices to adhere to certain security…

Another Healthcare Facility Hit with Ransomware. The Informed Intel in 3 Points.

  • Methodist Hospital in Kentucky was hit by ransomware
  • The ransomware, of the “Locky” strain, encrypted files, deleted the originals, and is holding all of the hospital's data hostage for $1,600, or 4 bitcoins
  • Hospital paperwork is being processed by hand

Krebs on Security | Hospital Declares ‘Internal State of Emergency’ After Ransomware Infection

Governing | Hackers Target Hospitals for Ransom

New Technology Device Being Hacked. Informed Intel on the Hacking of Wireless Mice. Why Regulators Pay Attention.

Why are wireless mice vulnerable to hacking? The communication between the mice and computers is unencrypted.

What does that mean? For $20, someone a block away can trick your computer into using their mouse and steal your data.

Why would regulators care? Because regulators stress encryption in data security.

Reuters | Wireless mice leave billions at risk of computer hack: cyber security firm

Health Care Data Security. Non-HIPAA Entities. Health & Wellness Apps Beware. Medical Billing Companies Hello. Bonjour Medical Transcribers.

What entities are the new targets for data security enforcement? HIPAA-adjacent health and wellness companies.

Why are HIPAA-adjacent health and wellness companies the focus of regulators? These companies collect and store personal health information. For example:

  • Fitbit and health apps. The data from your Fitbit gets stored somewhere, and if it were collected and stored by a health care provider, it would be protected information.
  • Medical billing companies
  • Medical Transcription…

Data Security Arrests for Water Infrastructure Cyber Mayhem. Informed Intel:

The U.S. Justice Department arrested individuals who attempted to break into a small dam to disrupt operations. The informed intel:

  • 1st time someone has been charged with disrupting, or attempting to disrupt, critical U.S. infrastructure.
  • The charges are “cyber mayhem” to disrupt the water infrastructure.

Washington Post | U.S. charges Iran-linked hackers with targeting banks, N.Y. dam