So pleased to see this announcement from Bill Fitzgerald: One of the unspoken issues in working on security and privacy in educational software is that, while many people are passionate about privacy and security, many people don’t know how to start evaluating software or how to assess any potential risks they might uncover. One of…
Category: Commentaries and Analyses
FBI issues warning to law firms
Linn Foster Freedman of Robinson & Cole writes: The FBI has issued a Private Industry Notification to law firms indicating that a cyber crime insider trading ring is targeting “international law firm information used to facilitate business ventures.” According to the FBI “[T]he scheme involves a hacker compromising the law firm’s computer networks and monitoring…
IRS’s Top 10 Identity Theft Prosecutions
From the IRS, Mar. 21: As part of the continued crackdown on refund fraud and identity theft, the Internal Revenue Service today released the Top 10 Identity Theft Prosecutions for Fiscal Year 2015. These prosecutions are part of the wide-ranging strategy to combat refund fraud and assist taxpayers through detection, prevention and resolving identity theft…
When do covered entities need to report ransomware incidents to HHS?
At the PHI Protection Network conference last week, we spent a lot of time discussing the increasing rate of ransomware attacks. I asked a number of people whether they thought that ransomware attacks that (merely) locked up the data with no evidence of exfiltration had to be reported to HHS. I got a variety of…
Plan Ahead, Stay On Top of Government and Tech Changes, and Be Ready to Call the FBI: Key Lessons from the PHI Protection Network Conference
Abraham J. Rein of Post & Schell has a nice recap of some of the recurring themes at last week’s PHI Protection Network conference in Philadelphia. Here’s a snippet of his post from the section about law enforcement’s message to attendees: …. Michael Stawasz, Deputy Chief of the U.S. Department of Justice Computer Crime and…
Featured Story: Henry Ford Healthcare System: creating a culture of privacy
Over the past decade of reporting on healthcare sector breaches, I can probably count on one hand the number of entities who have impressed me that they really “get” that responding to a privacy breach is not primarily about data or statutory notifications. It’s about addressing any distrust or anxiety patients may feel about you protecting their confidentiality, because…