Data Breach, News Events, Tip of the Week, Trends & Technology, Vulnerability Testing & Management

Worldwide ATM Heist Stole $45 million Across Several Banks

Privacy and Security is important not just for healthcare information but in everyday aspects of our life, such as banking, that affect all of us. Recently, in Brooklyn, New York, six people were arrested and charged for stealing 45 million dollars from Middle East banks. According to NBC News, the “hackers stole debit card data from the National Bank of Ras Al-Khaimah in the United Arab Emirates and Bank Muscat in Oman in two attacks in December 2012 and February 2013, according to prosecutors. These individuals allegedly broke into payment-processing companies used by the two banks and raised the balances and withdrawal limits on the cards, prosecutors said. Crews in more than 20 countries, such as the cell arrested Monday, then withdrew $5 million between Dec. 21 and Dec. 22 and $40 million between Feb. 19 and Feb. 20.”

Exploiting cyber weaknesses

It would seem the same technology the healthcare industry is implementing for ensuring their protected health information stays private and secure is similar to banking industry needs and governmental-spying prevention. The Morning Sentinel reports encrypted email, and other privacy solutions are increasing in popularity in the wake of the National Security Agency’s reported surveillance programs. As a whole, our society has been tolerating privacy issues for many years, including those broken by our own National Security Agency (NSA) reported by the Washington Post on August 15th, 2013. Many organizations such as Google shared the importance of encrypting their own data centers around the world to deter snooping, and protect their clients.

For one solution, Pogoplug, business is booming – it’s garnered close to 1 million paid subscribers in its first year – and the company is anxious to accommodate concerned clients. This month Pogoplug launched a $49 software package called Safeplug that prevents third parties, from the NSA to Google, from learning about a user’s location or browsing habits.

But many warn that encryption offers a false sense of security.

“The fundamental designers of cryptography are in an arms race right now, but there are a series of weaknesses and missing oversights that have nothing to do with encryption that leave people vulnerable,” says Patrick Peterson, CEO of Silicon Valley-based email security firm Agari. And many that do work, bog down or freeze computers, forcing “a trade-off between security and convenience,” he says.

Many hacking or data breach security incidents were not the result of complex attacks or zero day vulnerability exploitation. Rather they occur because of disinterest, overwork, poor configuration management, slow patching, and a complete lack of assessing, or PEN-testing an organization’s own systems.

Many security incidents, such as the too-popular crypto-locker, occur because an untrained or trained-but-curious employee opened an email with an attachment. Regardless of coaching and formal training employees find it hard to resist opening an interesting email.

Regardless, an information security, data privacy, and awareness training program for all members of your workforce is critical both to reduce risk and to show a track record of sincere and sustained efforts at compliance, according to Chris Heuman, Practice Leader at RISC Management.

This post brought to you by RISC Management & Consulting. Visit us at


Morning Sentinel:

NBC News: and

Washington Post: and

Education, Tip of the Week, Upcoming Events

December Destination

As we approach the busy month of December, don’t forget to include events/conferences in your schedule. It is a great way to learn, bring a new perspective to your work environment, share with colleagues while combining sightseeing, travel, and a warm destination! Better yet, if you have questions relating to data privacy and information security regulations and framework, give RISC a call. RISC Management and Consulting offers several core practice areas to support the needs and legal obligations of our clients.

Here are a few that we found worthwhile for the first few weeks into December.  Feel free to share your own favorite destination for learning, fun, and relaxation!

2-4 December 2013 — Las Vegas, Nev., USA
OMICS Group Inc. presents the International Conference on Nursing & Emergency Medicine. Nursing-2013 aims at bringing together a unique and international mix of large and medium medical, pre-clinical research and pharmaceutical companies, leading universities and medical research institutions making the conference a perfect platform to share experience, foster collaborations across industry and academia and evaluate emerging technologies across the globe. The International Conference on Nursing & Emergency Medicine will be an excellent opportunity to meet leading scientist in the field of nursing and emergency medicines and learn about the latest advances in the field of medicine. The different tracks are arranged in an interdisciplinary manner to allow delegates to explore issues directly connected to their own areas of work. This also provides an opportunity to engage with other professionals from a wide range of disciplines.

For details, please contact:

2-4 December 2013 — Las Vegas, Nev., USA
OMICS Group Conferences presents 3rd International Conference on Nanotek and Expo. 3rd International Conference on Nanotek and Expo provides a perfect symposium for scientists, engineers, directors of companies and students in the field of Nanotechnology to meet and share their knowledge. The scientific program paves a way to gather visionaries through the research talks and presentations and put forward many thought provoking strategies.

For details, please contact:

7 December 2013 — Los Angeles, Calif., USA
Contemporary Forums presents the 2013 Women’s Health Update. Join your colleagues for a one-day conference, at West Coast University, focused on networking and clinical enrichment in the fascinating world of women’s primary care! Presented in an interactive format at the West Coast University’s newest Los Angeles campus, this conference will engage you in the learning process and be an opportunity to network with other attendees through case discussion, testing diagnostic skills, incorporating new guideline strategy and problem-solving exercises for clinical dilemmas.

For details, please contact:

6-7 December 2013 — Miami, Florida, USA

The Miami Neuro Symposium brings together three established neuro meetings:

 Knock Out Stroke       Neurocritical Care      Brain Tumor Management

Participants will benefit from education in these varied and important neuroscience specialties as they explore cutting-edge research results and advances in diagnostic and treatment strategies presented by world-renowned clinical and surgical neuroscience experts. Faculty will cover best-practice treatment strategies with a comprehensive focus on safety; advances in strategies for proper assessment and optimal treatment of acute stroke; aggressive approaches to treatment of critically ill neurologic patients; and advances in brain tumor management or proper evaluation of the patient with a suspected brain tumor.

For details, please visit:

5-8 December 2013 — Las Vegas, Nevada, USA

A-Cross Medicine Reviews: Primary Care CME Course located at Bellagio Hotel

This program is designed to increase attendee knowledge and competence in a variety of primary care topics. These include hypertension, lipid management, common ENT problems, ethical dilemmas, and current diabetes management. All topics presented will utilize evidence-based guidelines from the literature. These are Primary Care CME courses for Physicians, Nurse Practitioners, and Physician Assistants. Medical residents/fellows as well as students from all disciplines are welcome to attend.


  • Review the current evidence-based guidelines for cancer screening
  • Recognize differential diagnoses for colds, strep throat, and other ENT disorders
  • Review the latest COPD and asthma guidelines and be able to implement changes in your practice
  • Review NCEP’s ATP III guidelines on the management of hyperlipidemias, including other relevant, more recent, recommendations
  • Revisit NJC VIIs guidelines on the management of hypertension, and include other relevant, more recent recommendations
  • Discuss the current ADA’s recommendations on the management of diabetes mellitus
  • Give feedback on ethical dilemmas
  • Evaluate patients with exposure to various zoonotic threats

For details, please visit:

8-11 December 2013 — Orlando, Florida, USA

The 25th Annual National Forum on Quality Improvement in Health Care. The Institute for Healthcare Improvement (IHI) is an independent not-for-profit organization based in Cambridge, Massachusetts, and a leading innovator in health and health care improvement worldwide. One of their core belief is for everyone to receive the best care and health possible. This passionate belief fuels their mission to improve health and health care. IHI’s National Forum is the premier conference for
people committed to the mission of improving health care.

Join IHI for this inspiring and motivating event that will unite thousands of health care leaders, visionaries, and front-line practitioners from around the world. This annual event draws nearly 6,000 health care professionals from around the world in person and thousands more via satellite broadcast.

For details, contact:  or visit:

Sponsored by: RISC Management and Consulting,