Idaho State University Hit With $400k HIPAA Fine

HHS hit Idaho State University with a $400,000 fine this week over HIPAA security violations. The fine stems from a healthcare data breach involving 17,500 patients where a firewall was disabled for 10 months. Overall, HHS listed an incomplete/inadequate risk assessment/analysis as one of the major factors in their decision. “Idaho State University (ISU) [...]


Data Breach Risk – LinkedIn Lurking

ID Experts released a list of 10 breach risks, and one in particular caught my eye. LinkedIn Lurking is a new term to me, but even without any extra explanation it makes sense to me. 9. LinkedIn Lurking. If your LinkedIn profile contains the words “payroll,” “HR” or “Finance,” you’ve painted a bull’s eye on your [...]


How to work with multiple language populations after a healthcare data breach?

This “Data Breach Response – How To” article is part of our larger series by Heather Noonan. Working with multiple languages after a data breach can be fairly simple if you remember a couple important things and remember that you may run into some obstacles along the way. Think of it as an adventure and [...]


HIPAA Breach Hits Indiana University Health Arnett

Indiana University Health Arnett has notified over 10,000 patients after an unencrypted laptop was stolen from a car. The risks inherent to universities have been widely documented here, but add HIPAA and HITECH privacy & security to the mix and you have a risk management nightmare. This breach was a failure of proper policy, [...]


Breach Notification – Face Palm Edition

When a company loses your information, especially when it’s sensitive information like your credit card information, you expect a level of seriousness to the response. What you don’t expect is “We believe the risk of harm to you is low.” Believe? You don’t know? Did you do forensics? Did you investigate? I “believe” your explanation [...]


Lost X-ray film leads to 17k patient HIPAA Breach

Reduce, Reuse, Recycle… all good things, except when they are patient medical files.  This has to be one of the more “interesting” HIPAA breaches I’ve seen in the last few years.  A clinic in Raleigh handed over old X-ray films to a 3rd party vendor in order to get the film converted into a digital [...]


How to Inform Internal Teams of a Data Breach?

This “Data Breach Response – How To” article is part of our larger series by Heather Noonan.  This post is also available on the ID Experts Data Breach Blog. What is the best way to tell your internal teams that your company has had a data breach? A data breach isn’t unlike any other public [...]


Why does a victim of a data breach benefit from having a Recovery Solution?

This “Data Breach Response – How To” article is part of our larger series by Heather Noonan. This post is also available on the ID Experts Data Breach Blog. Someone once explained recovery solutions with the analogy of repairing your car. Yes, you could probably put in your own engine or reattach your own bumper, [...]


College Data Breach Infographic – 8 Years of Data Breaches

What does 8 years of university data breaches look like? I’ve run across this great infographic of data breaches in higher education created by open-site.org. Courtesy of Open-Site.org, used under Creative Commons License:


Using Digital Forensics to Reduce Risks after a Healthcare Data Breach

The digital forensics that follow a healthcare data breach can be an important but sometimes boring discussion topic. It is one of those things that your health organization will outsource (a third-party analysis is very important), so the organization often doesn’t have much direct influence or participation in the actual analysis of breached [...]
