Data Breach, News Events, Tip of the Week, Trends & Technology, Vulnerability Testing & Management

Worldwide ATM Heist Stole $45 million Across Several Banks

Privacy and security are important not just for healthcare information but in everyday aspects of our lives, such as banking, that affect all of us. Recently, in Brooklyn, New York, six people were arrested and charged with stealing 45 million dollars from Middle East banks. According to NBC News, the “hackers stole debit card data from the National Bank of Ras Al-Khaimah in the United Arab Emirates and Bank Muscat in Oman in two attacks in December 2012 and February 2013, according to prosecutors. These individuals allegedly broke into payment-processing companies used by the two banks and raised the balances and withdrawal limits on the cards, prosecutors said. Crews in more than 20 countries, such as the cell arrested Monday, then withdrew $5 million between Dec. 21 and Dec. 22 and $40 million between Feb. 19 and Feb. 20.”

Exploiting cyber weaknesses

It would seem that the technology the healthcare industry is implementing to keep its protected health information private and secure is similar to what the banking industry needs and to what is used to prevent governmental spying. The Morning Sentinel reports that encrypted email and other privacy solutions are increasing in popularity in the wake of the National Security Agency’s reported surveillance programs. As a whole, our society has been tolerating privacy issues for many years, including those involving our own National Security Agency (NSA), as reported by the Washington Post on August 15th, 2013. Many organizations, such as Google, have shared the importance of encrypting their own data centers around the world to deter snooping and protect their clients.

For one solution, Pogoplug, business is booming – it’s garnered close to 1 million paid subscribers in its first year – and the company is anxious to accommodate concerned clients. This month Pogoplug launched a $49 software package called Safeplug that prevents third parties, from the NSA to Google, from learning about a user’s location or browsing habits.

But many warn that encryption offers a false sense of security.

“The fundamental designers of cryptography are in an arms race right now, but there are a series of weaknesses and missing oversights that have nothing to do with encryption that leave people vulnerable,” says Patrick Peterson, CEO of Silicon Valley-based email security firm Agari. And many that do work bog down or freeze computers, forcing “a trade-off between security and convenience,” he says.

Many hacking or data breach security incidents are not the result of complex attacks or zero-day vulnerability exploitation. Rather, they occur because of disinterest, overwork, poor configuration management, slow patching, and a complete lack of assessing or pen-testing an organization’s own systems.

Many security incidents, such as the too-popular CryptoLocker, occur because an untrained or trained-but-curious employee opened an email with an attachment. Regardless of coaching and formal training, employees find it hard to resist opening an interesting email.

Regardless, an information security, data privacy, and awareness training program for all members of your workforce is critical both to reduce risk and to show a track record of sincere and sustained efforts at compliance, according to Chris Heuman, Practice Leader at RISC Management.

This post brought to you by RISC Management & Consulting. Visit us at www.RISCsecurity.com

Resources:

Morning Sentinel: http://www.onlinesentinel.com/news/Computer_privacy_services_booming_in_wake_of_NSA_surveillance_fears.html?pagenum=2

NBC News: http://www.nbcnews.com/technology/6-arrested-45-million-global-atm-bank-cyberheist-2D11617858 and http://www.nbcnews.com/id/51850893/ns/technology_and_science-tech_and_gadgets/#.UpkQhcSsh8F

Washington Post: http://articles.washingtonpost.com/keyword/national-security-agency and http://articles.washingtonpost.com/2013-09-06/business/41831756_1_encryption-data-centers-intelligence-agencies

Education, Tip of the Week, Upcoming Events

December Destination

As we approach the busy month of December, don’t forget to include events/conferences in your schedule. They are a great way to learn, bring a new perspective to your work environment, and share with colleagues while combining sightseeing, travel, and a warm destination! Better yet, if you have questions relating to data privacy and information security regulations and frameworks, give RISC a call. RISC Management and Consulting offers several core practice areas to support the needs and legal obligations of our clients.

Here are a few that we found worthwhile for the first few weeks of December. Feel free to share your own favorite destination for learning, fun, and relaxation!

2-4 December 2013 — Las Vegas, Nev., USA
OMICS Group Inc. presents the International Conference on Nursing & Emergency Medicine. Nursing-2013 aims at bringing together a unique and international mix of large and medium medical, pre-clinical research and pharmaceutical companies, leading universities and medical research institutions, making the conference a perfect platform to share experience, foster collaborations across industry and academia, and evaluate emerging technologies across the globe. The International Conference on Nursing & Emergency Medicine will be an excellent opportunity to meet leading scientists in the field of nursing and emergency medicine and learn about the latest advances in the field of medicine. The different tracks are arranged in an interdisciplinary manner to allow delegates to explore issues directly connected to their own areas of work. This also provides an opportunity to engage with other professionals from a wide range of disciplines.

For details, please contact: shintaliz@omicsgroup.net

2-4 December 2013 — Las Vegas, Nev., USA
OMICS Group Conferences presents the 3rd International Conference on Nanotek and Expo. The 3rd International Conference on Nanotek and Expo provides a perfect symposium for scientists, engineers, directors of companies and students in the field of Nanotechnology to meet and share their knowledge. The scientific program paves a way to gather visionaries through the research talks and presentations and put forward many thought-provoking strategies.

For details, please contact: nanotek2013@omicsonline.com

7 December 2013 — Los Angeles, Calif., USA
Contemporary Forums presents the 2013 Women’s Health Update. Join your colleagues for a one-day conference, at West Coast University, focused on networking and clinical enrichment in the fascinating world of women’s primary care! Presented in an interactive format at the West Coast University’s newest Los Angeles campus, this conference will engage you in the learning process and be an opportunity to network with other attendees through case discussion, testing diagnostic skills, incorporating new guideline strategy and problem-solving exercises for clinical dilemmas.

For details, please contact: rvaldivia@americancareercollege.edu

6-7 December 2013 — Miami, Florida, USA

The Miami Neuro Symposium brings together three established neuro meetings:

  • Knock Out Stroke
  • Neurocritical Care
  • Brain Tumor Management

Participants will benefit from education in these varied and important neuroscience specialties as they explore cutting-edge research results and advances in diagnostic and treatment strategies presented by world-renowned clinical and surgical neuroscience experts. Faculty will cover best-practice treatment strategies with a comprehensive focus on safety; advances in strategies for proper assessment and optimal treatment of acute stroke; aggressive approaches to treatment of critically ill neurologic patients; and advances in brain tumor management or proper evaluation of the patient with a suspected brain tumor.

For details, please visit: http://cme.baptisthealth.net/miamineuro/pages/registration.aspx

5-8 December 2013 — Las Vegas, Nevada, USA

A-Cross Medicine Reviews: Primary Care CME Course located at Bellagio Hotel

This program is designed to increase attendee knowledge and competence in a variety of primary care topics. These include hypertension, lipid management, common ENT problems, ethical dilemmas, and current diabetes management. All topics presented will utilize evidence-based guidelines from the literature. These are Primary Care CME courses for Physicians, Nurse Practitioners, and Physician Assistants. Medical residents/fellows as well as students from all disciplines are welcome to attend.

Agenda:

  • Review the current evidence-based guidelines for cancer screening
  • Recognize differential diagnoses for colds, strep throat, and other ENT disorders
  • Review the latest COPD and asthma guidelines and be able to implement changes in your practice
  • Review NCEP’s ATP III guidelines on the management of hyperlipidemias, including other relevant, more recent, recommendations
  • Revisit JNC VII’s guidelines on the management of hypertension, and include other relevant, more recent recommendations
  • Discuss the current ADA’s recommendations on the management of diabetes mellitus
  • Give feedback on ethical dilemmas
  • Evaluate patients with exposure to various zoonotic threats

For details, please visit: http://www.a-crossmedicinereviews.com/December_5-8_at_Bellagio.php

8-11 December 2013 — Orlando, Florida, USA

The 25th Annual National Forum on Quality Improvement in Health Care. The Institute for Healthcare Improvement (IHI) is an independent not-for-profit organization based in Cambridge, Massachusetts, and a leading innovator in health and health care improvement worldwide. One of their core beliefs is that everyone should receive the best care and health possible. This passionate belief fuels their mission to improve health and health care. IHI’s National Forum is the premier conference for people committed to the mission of improving health care.

Join IHI for this inspiring and motivating event that will unite thousands of health care leaders, visionaries, and front-line practitioners from around the world. This annual event draws nearly 6,000 health care professionals from around the world in person and thousands more via satellite broadcast.

For details, contact: info@ihi.org or visit: http://www.ihi.org/offerings/Conferences/Forum2013/Pages/default.aspx

Sponsored by: RISC Management and Consulting, www.RISCsecurity.com

Data Breach, Education, HIPAA / HITECH Enforcement, Meaningful Use, News Events, OCR HIPAA Audits, Tip of the Week, Upcoming Events

Gazzang and RISC Management Announce Upcoming Webinar to Help Companies Minimize Risk of Sensitive Data Exposure

The HIPAA Omnibus Rule enhances requirements and penalties for covered entities and business associates alike. As organizations rush to comply with the new rules, many are turning to Gazzang, the big data security experts, for help securing protected health information (PHI) and partner RISC Management to assess, document, and achieve compliance.

Join Chris Heuman, Practice Leader of RISC Management & Consulting, along with David Tishgart, Senior Director of Marketing at Gazzang, as they present information to help you understand what constitutes a breach and how best to protect regulated data such as electronic Protected Health Information (ePHI). Discover the best route for navigating the breach risk assessment requirements and minimize your chances of having to report a breach!

Gazzang zNcrypt™ for Health Care can be applied easily, quickly, and economically as a solution for data privacy and security requirements defined within HIPAA and HITECH. Through AES-256 encryption, advanced key management, and process-based access controls, zNcrypt provides transparent data encryption for any database or application running on Linux, including big data environments. Additionally, Gazzang zTrustee™ protects the Gazzang encryption keys with several layers of advanced techniques to ensure the key is only accessible by authorized parties. In the event of a data breach, encryption can help organizations protect sensitive PHI and may enable them to claim “Safe Harbor.”

“Data breaches such as the one experienced by Advocate Health Group affecting more than four million patients, and the subsequent huge class action lawsuit need not occur. A thorough risk analysis, as required by HIPAA, and implementation of stable, supportable encryption technology could have saved the organization a great deal of cost and time, and more than four million patients a lot of stress,” said Chris Heuman, Practice Leader at RISC Management.

Gazzang and RISC Management are hosting a webinar titled, “Are You Ready for the Final HIPAA Omnibus Rule Changes?” on Wednesday, November 6 at 12:00 p.m. ET. Click here to register and learn what constitutes a breach and how best to protect regulated data such as ePHI.

About RISC Management

RISC Management is an organization dedicated to data privacy and information security, focused primarily on healthcare, banking and finance, and higher education. RISC helps to protect the regulated and sensitive data of our clients and their customers. RISC provides a wide array of compliance and security services to help ensure our clients understand legal and industry requirements. Our experts identify, analyze, document, and remediate risks and vulnerabilities to protect sensitive information. For more information visit www.RISCsecurity.com.

Media Contact

RISC Management
Rose Rienton, MSN, RN

Rose.Rienton@RISCsecurity.com

About Gazzang

Gazzang provides data security solutions and expertise to help enterprises protect sensitive information and maintain performance in big data and cloud environments. Our technology enables SaaS vendors, health care organizations, financial institutions, public sector agencies and more to meet regulatory compliance initiatives, secure personally identifiable information and prevent unauthorized access to sensitive data and systems. The company is headquartered in Austin, Texas and backed by Austin Ventures and Silver Creek Ventures. For more information, visit www.gazzang.com.

Media Contact

Gazzang
Cybele Diamandopoulos

(512) 535-4422

cybele@foliocom.com