Browsed by
Author: Kyle Kennedy

Insider Threat is so important it will never make headlines

Insider Threat is so important it will never make headlines

Right now the headlines in the security world are on fire with hacks and breaches. There is a nasty number brewing at DHS involving federal employees, and there is the alleged largest hack of username and password data ever as well. I say “alleged” because some in the security world have called some of the numbers being thrown around into question and I think they make some good points. Much of this has made it into mainstream news. People will…

Read More Read More

Shared Network, Shared Security Burden

Shared Network, Shared Security Burden

Days later, after New York-Presbyterian agreed to pay out the largest settlement ever in a HIPAA violation case ($4.8M), the only thing we can ask ourselves is, “Why did this happen, and how could this have been prevented?” The breach was ultimately discovered by an external entity of the hospital when they found a deceased patient’s data online. However, they (the hospital), upon further investigation, found that the health records of another 6,800 hospital patients had become publically available when…

Read More Read More

HIPAA Violations – Remediation is Always More Expensive Than Prevention

HIPAA Violations – Remediation is Always More Expensive Than Prevention

The year is circa 1995; Major League Baseball players end a 232-day strike, Windows 95 is released by Microsoft, JavaScript is first introduced and deployed, the Grateful Dead announce their break-up, and Toy Story became the first ever wholly computer generated movie to be released. Did you also know that in 1995 the average inpatient medical record was accessed and viewed by at least 150 people during a typical five-day hospital stay by nursing staff, to receptionists to x-ray technicians?…

Read More Read More

Knowledge (and Data) is Power

Knowledge (and Data) is Power

Data security is an information technology topic that has moved beyond the walls of IT engineers and their peers to – well everyone else. Take for instance the recent security hole reported by Indiana University that resulted in an estimated 146,000 Indiana University students’ “personal data…inadvertently exposed to webcrawling programs since last March” per CNN. The personal data that was exposed; “students names, addresses, and Social Security numbers…stored in an unsecure location that allowed web crawlers the ability to access…

Read More Read More

Do You Know Where Your “Privileged” Credentials Are?

Do You Know Where Your “Privileged” Credentials Are?

Three months after the massive Target attack that resulted in 110 million consumers’ credit card and personal data being stolen; we are finding out that company size is irrelevant in the data breach conversation; as consumer confidence, market presence, and brand recognition are absolutely critical to an organizations bottom line – profitability. Since customer confidence, market presence, and brand awareness are all critical elements of profitability; we must ask ourselves – What protections did Target have in place to safeguard…

Read More Read More

“Doctor, Help Fix My Cold and My Identity?”

“Doctor, Help Fix My Cold and My Identity?”

Four years; yes, you read that correctly, four years later approximately one thousand patients of Riverside Health System of Virginia were notified they were victims of a privacy breach. The fact that a healthcare provider was breached seems to be a common headline in the news these days. Personally what makes this breach even more interesting was the fact that it was discovered after a random audit. Riverside Health System spokesperson Peter Glagola said in a statement, “We have a…

Read More Read More

Start a Free StealthAUDIT® Trial!

No risk. No obligation.