California Amends Data Breach Notification For Encrypted Data.

Beginning on January 1, 2017, organizations in California cannot automatically assume that personal details are safe if they were encrypted at the time of a data breach. This, in turn, means that businesses and other organizations will have to give some thought as to whether a data breach must be made public. Encrypted Personal […]

Longer Passwords Is The Way To Security.

In a continuation of last week’s post, it looks like it’s not only the FTC’s Chief Technologist that is waging war against the periodic renewal of passwords. The National Institute of Science and Technology (NIST) is apparently on board as well, and they will also be recommending that something be done about password complexity […]

HIPAA Encryption: Indiana Medical Firm Data Breach Affects 230 Healthcare Organizations.

Last week, an Indiana medical firm saw a massive medical data breach that extended throughout the entire U.S. Per online reports, possibly 4 million people in more than 230 hospitals and other healthcare organizations were affected by the breach, which occurred in May of this year. Hackers stole protected health information that included: “patients’ names, […]

HIPAA Data Breach: Medical Office Alerts Patients That Nothing Happened.

I’ve just run across a data breach notification that is a first of its kind: a data breach where the affected organization tells its clients (technically, patients) that nothing happened. It’s like the Seinfeld show of data breaches. The breach notification letter is about nothing. Absolutely nothing. Yet, there is something there. All kidding aside, […]

Medical Laptop Disk Encryption: Valley Community Healthcare Reports Stolen (Unencrypted) Laptop.

One of the worst US states in which to have a data breach, especially a medical data breach, is probably California: in addition to federal HIPAA regulations, California has shown itself to be quite aggressive when dealing with medical entities that experience a data breach. Indeed, there’s some (valid) criticism that the CA Dept. of […]

Encryption vs. Cyberinsurance: One’s Risk Management, The Other’s Risk Transfer.

The Anthem data breach is turning out to be big not only in terms of number of people affected. According to pymnts.com, quoting ft.com, Lloyd’s of London has stated that cyber attacks are “now too big for private insurance companies to handle” after details of Anthem’s hack were revealed. This is another development that should […]

HIPAA Encryption: Anthem Didn’t Encrypt Data Stolen In Massive Hack.

wsj.com points out in an article that Anthem Inc, the health insurer that recently announced a massive data breach potentially affecting 80 million people, did not use health data encryption to secure the data that was stolen. It also points out that applying encryption can be a “balancing act between protecting the information and […]