HIPAA Breach Notification: About 30 Days Left To Notify HHS/OCR On Breaches Affecting Less Than 500.

One of the advantages of using encryption software, if you’re in the healthcare field, is that the loss of cryptographically secured sensitive data is given protection from HIPAA/HITECH’s Breach Notification Rules.  If not encrypted, you must notify the HHS’s Office for Civil Rights within 60 business days of discovering the data breach.  However, there is […] read more

HIPAA Breach: Burglaries Happen.

There are brazen thieves and then there is this guy: video footage from a security camera obtained by krgv.com shows a middle-aged man leisurely strolling back to his stolen truck with a stolen computer under his arm.  It’s because of instances like these that the use of HIPAA-grade disk encryption like AlertBoot’s managed encryption services […] read more

The Problem With Those Annual Weak Password Surveys.

(Update Jan 23: Apparently, the DOJ has proposed changes so that publishing weak password lists will become a felony.) At either the start or end of the year, a security company somewhere in the intertubes can be found publishing a list of the top “most popular” passwords (usually the top ten).  These lists, compiled by […] read more

New York Data Security Law: AG Pursuing Law Updates, Will Introduce Safe Harbor.

New York Attorney General Eric T. Schneiderman announced last week that he will be pursuing updates to the state’s data security laws.  Among the proposals are changes to the legal definition of “personal information”; introducing safe harbor for companies that meet security standards; and encouraging the sharing of forensic data.  It sounds as if security […] read more