CyberHoodWatch Radio Interviews
Are you Googling your Privacy Away?
Trends In Financial Crimes
Why Law firms (accountants and doctors) should NOT use cloud backups
How much information does Facebook know about you?
Massachusetts AG Says Having a WISP is Not Enough to Comply With Massachusetts Data Security Regulations
The Massachusetts Attorney General’s Office and Belmont Savings Bank have agreed to resolve allegations that Belmont Savings Bank has violated the Commonwealth’s stringent data security regulations (see our post about 201 CMR 17.00 here) through an Assurance of Discontinuance, which has been filed in Massachusetts state court (see document here). Belmont Savings Bank has agreed to pay a civil penalty of $7,500 and has also agreed to institute new security and training procedures following a breach in May 2011, when an employee left a computer backup tape on a desk overnight, rather than in a storage vault. A surveillance camera showed that the backup tape was inadvertently discarded by the evening cleaning crew and, according to the Attorney General’s Office, was likely incinerated by the bank’s waste disposal company.
While there is no evidence indicating that any customer’s personal information has been acquired or used by an unauthorized person or used for an unauthorized purpose, the Assurance of Discontinuance states that if actual harm to customers results, the Attorney General’s Office will reopen discussions in order to determine appropriate restitution. This is the first settlement related to a violation of the Commonwealth’s relatively new data security regulations. While the Attorney General’s Office entered into a consent agreement with a restaurant chain in April 2011 for data security failures, that alleged breach occurred before the new data security regulations went into effect on March 1, 2010. (See our post about this consent agreement here.)
Last week, BCBS of Tennessee agreed to pay $ 1.5M for HIPAA data breaches.
BCBSoTenn failed to encrypt hard drives containing voicemail files.
Is YOUR medical practice encrypting hard drives and flash drives embedded within
- Voice Mail systems
- And other smart systems?
The settlement is available at http://www.hhs.gov/ocr/privacy/hipaa/enforcement/examples/resolution_agreement_and_cap.pdf. (more…)
ANSI (the American National Standards Institute ) has produced a phenomenal, and free, report on the financial impact of losing healthcare data.
Highly recommended that you download it from http://webstore.ansi.org/phi/
Still think HIPAA compliance is strictly for the big guys?
Still think your small medical practice or medical billing business is safe from hackers, criminals and litigators?
From the March 12, 2012 NY Times:
The New Year’s Eve burglary of a California office building has led to the collapse of a national medical records firm.
Impairment Resources LLC filed for bankruptcy Friday after the break-in at its San Diego headquarters led to the electronic escape of detailed medical information for roughly 14,000 people, according to papers filed in U.S. Bankruptcy Court in Wilmington, Del. That information included patient addresses, social security numbers and medical diagnoses.
This 31-minute webinar shows you how
- Kids have been denied College Admissions, thrown out of college or kicked out of their majors
- Interns and employees have cost their employers thousands (or millions) of dollars
- How kids and adults have gone to jail, around the world, due to mistakes in Social Media
Please share this webinar with
- CIOs, CSOs, CPOs, Compliance Officers
- Parents of High school & College Students
- High School & College Student
- High School teachers
- College Professors
- Guidance Counselors
- New Employees
Ambulances turned away as computer virus infects Gwinnett Medical Center computers
By Misty Williams and Joel Anderson
The Atlanta Journal-Constitution
Gwinnett Medical Center on Friday confirmed it has instructed ambulances to take patients to other area hospitals when possible after discovering a system-wide computer virus that slowed patient registration and other operations at its campuses in Lawrenceville and Duluth.
Staff members discovered the virus Wednesday afternoon and have been working since then with outside I.T. experts to fix the problem, spokeswoman Beth Okun said. In the meantime, the health system has been forced to switch back to paperwork.
The situation is expected to last through the weekend, Okun said.