Blog

May 14th, 2012


ISC2/BrightTalk webinars
CyberHoodWatch Radio Interviews
Are you Googling your Privacy Away?
Trends In Financial Crimes
Why Law firms (accountants and doctors) should NOT use cloud backups
How much information does Facebook know about you?


March 29th, 2012

Massachusetts AG Says Having a WISP is Not Enough to Comply With Massachusetts Data Security Regulations

The Massachusetts Attorney General’s Office and Belmont Savings Bank have agreed to resolve allegations that Belmont Savings Bank has violated the Commonwealth’s stringent data security regulations (see our post about 201 CMR 17.00 here) through an Assurance of Discontinuance, which has been filed in Massachusetts state court (see document here). Belmont Savings Bank has agreed to pay a civil penalty of $7,500 and has also agreed to institute new security and training procedures following a breach in May 2011, when an employee left a computer backup tape on a desk overnight, rather than in a storage vault. A surveillance camera showed that the backup tape was inadvertently discarded by the evening cleaning crew and, according to the Attorney General’s Office, was likely incinerated by the bank’s waste disposal company.

While there is no evidence indicating that any customer’s personal information has been acquired or used by an unauthorized person or used for an unauthorized purpose, the Assurance of Discontinuance states that if actual harm to customers results, the Attorney General’s Office will reopen discussions in order to determine appropriate restitution. This is the first settlement related to a violation of the Commonwealth’s relatively new data security regulations. While the Attorney General’s Office entered into a consent agreement with a restaurant chain in April 2011 for data security failures, that alleged breach occurred before the new data security regulations went into effect on March 1, 2010. (See our post about this consent agreement here.)

via Massachusetts AG Says Having a WISP is Not Enough to Comply With Massachusetts Data Security Regulations : Privacy Law Blog.

March 28th, 2012

Last week, BCBS of Tennessee agreed to pay $1.5M for HIPAA data breaches.

BCBSoTenn failed to encrypt hard drives containing voicemail files.

Is YOUR medical practice encrypting hard drives and flash drives embedded within:

  • Laptops
  • Desktops
  • Servers
  • Copiers
  • Voice Mail systems
  • And other smart systems?

The settlement is available at http://www.hhs.gov/ocr/privacy/hipaa/enforcement/examples/resolution_agreement_and_cap.pdf

March 28th, 2012

ANSI (the American National Standards Institute) has produced a phenomenal, and free, report on the financial impact of losing healthcare data.

Highly recommended that you download it from http://webstore.ansi.org/phi/

March 28th, 2012

Still think HIPAA compliance is strictly for the big guys?

Still think your small medical practice or medical billing business is safe from hackers, criminals and litigators?

From the March 12, 2012 NY Times:

The New Year’s Eve burglary of a California office building has led to the collapse of a national medical records firm.

Impairment Resources LLC filed for bankruptcy Friday after the break-in at its San Diego headquarters led to the electronic escape of detailed medical information for roughly 14,000 people, according to papers filed in U.S. Bankruptcy Court in Wilmington, Del. That information included patient addresses, social security numbers and medical diagnoses.


March 26th, 2012

This 31-minute webinar shows you how

  • Kids have been denied College Admissions, thrown out of college or kicked out of their majors
  • Interns and employees have cost their employers thousands (or millions) of dollars
  • Kids and adults have gone to jail, around the world, due to mistakes in Social Media

Please share this webinar with

  • CIOs, CSOs, CPOs, Compliance Officers
  • Parents of High school & College Students
  • High School & College Students
  • High School teachers
  • College Professors
  • Guidance Counselors
  • Interns
  • New Employees

December 12th, 2011

Ambulances turned away as computer virus infects Gwinnett Medical Center computers

By Misty Williams and Joel Anderson

The Atlanta Journal-Constitution

Gwinnett Medical Center on Friday confirmed it has instructed ambulances to take patients to other area hospitals when possible after discovering a system-wide computer virus that slowed patient registration and other operations at its campuses in Lawrenceville and Duluth.

Staff members discovered the virus Wednesday afternoon and have been working since then with outside I.T. experts to fix the problem, spokeswoman Beth Okun said. In the meantime, the health system has been forced to switch back to paperwork.

The situation is expected to last through the weekend, Okun said.

via Ambulances turned away as computer virus infects Gwinnett Medical Center computers | ajc.com.