47.5 GB of PHI Left Exposed on the Cloud. (That’s 316,000 PDFs).

According to gizmodo.com, security researchers at Kromtech Security Center found a wide-open Amazon Web Services (AWS) bucket that contained over 300,000 PDFs, each one a medical file that would fall under the governance of the Health Insurance Portability and Accountability Act (or HIPAA which, arguably, finally jumpstarted the drive towards encrypting sensitive digital files thanks […]

HIPAA/HITECH Doesn’t Require You To Be Perfect, But It Does Expect You To Follow The Rules.

A couple of recent Department of Health and Human Services (HHS) legal settlements emphasize paperwork over security, showing that a healthcare entity’s approach to safeguarding data must be holistic: yes, you need to use encryption, and lock doors, and hide screens from potential medical data peeping-toms…but you also need to make sure that you’ve followed […]

Data Encryption: Can Moral Hazard Account For Low Levels Of Corporate Data Security?

Over at theconversation.com, an article is tackling “why companies have little incentive to invest in cybersecurity.” One of the arguments is that companies encounter moral hazard. That is, they don’t really feel the effects of the risk of their actions because someone or something else is taking care of the hazard. Moral Hazard – Beneficiaries […]

HIPAA Encryption: Anthem Didn’t Encrypt Data Stolen In Massive Hack.

The wsj.com points out in an article that Anthem Inc, the health insurer that recently announced a massive data breach potentially affecting 80 million people, did not use health data encryption to secure the data that was stolen. It also points out that applying encryption can be a “balancing act between protecting the information and […]

HIPAA Breach: Burglaries Happen.

There are brazen thieves and then there is this guy: video footage from a security camera obtained by krgv.com shows a middle-aged man leisurely strolling back to his stolen truck with a stolen computer under his arm. It’s because of instances like these that the use of HIPAA-grade disk encryption like AlertBoot’s managed encryption services […]

Data Breaches: Overcompensating Data Breach Victims Can Backfire.

At some point, US organizations that became the victims of a data breach started offering credit and other financial monitoring services for free. These were meant, among other things, as an apology to customers, patients, clients, employees, what have you for the failure to protect sensitive data. New research seems to suggest that this could […]