Lucas Mearian reports: About 32% of hospitals and 52% of non-acute providers — such as outpatient clinics, rehabilitation facilities and physicians’ offices — are not encrypting data in transit, according to a new survey. Additionally, only 61% of acute providers and 48% of non-acute providers are encrypting data at rest. Read more about the results…
Month: August 2016
‘Significant’ security holes in Medicare/Medicaid data
Norman Leahy reports: Medicare and Medicaid have “significant” vulnerabilities in their wireless networks that jeopardize the personal information of millions of citizens, according to a report issued Wednesday. If exploited, the security holes at certain Centers for Medicare and Medicaid Services data operations could result in “unauthorized access” to personally identifiable information and a possible “disruption…
Adding Insult to Injury: Is There Coverage for a Data Breach or Hacking Event that Causes Physical Damage?
Ken Kronstadt of Kelley Drye & Warren LLP writes: If you have turned on a television recently, you have likely seen advertisements for Wi-Fi-networked appliances and devices such as refrigerators or thermostats. While these devices represent a giant leap in consumer convenience, it is not difficult to imagine hackers ex-ploiting a security vulnerability in such a device…
Consumer Caution: Factory RV Surplus exposing customer info (updated)
I usually withhold information about a leaky site until it’s been secured, but when a company repeatedly fails to follow up and ignores notifications by phone and email, and when the company responsible for their site also ignores notification, it’s time to go public, I think. More than one month ago, I was contacted by…
Companies Fare Worse When the Press Exposes Their Problems Before They Do
An-Sofie Claeys, Verolien Cauberghe, and Mario Pandelaere have been conducting some interesting research on crisis management. Not surprisingly, they found that when entities disclosed first, even subsequent critical reports on their incidents had less impact than if critical reports appeared before the entity disclosed. Their studies were not addressing data breach disclosures per se, but the…
Beauty site lets anyone read customers’ personal information
Darren Pauli reports: Popular online cosmetics site Strawberrynet has asked customers if a function that allows anyone to retrieve its customers names, billing addresses, and phone numbers with nothing more than an email address is a bug or a feature. The bug was first disclosed almost exactly a decade ago and resurfaced after security man Troy Hunt reported the flaw to…