I just read a very interesting article, “CMS’ HIPAA watchdog presents potential conflict” that made me go Hmmm!!
The genesis of the article is that the Centers for Medicare and Medicaid Services (CMS), the agency that is responsible for the Health Insurance Portability and Accountability Act (HIPAA) oversight and compliance enforcement, has contracted PricewaterhouseCoopers (PwC) to perform HIPAA Security Rule compliance audits during 2008.
Posts Tagged ‘policies and procedures’
CMS Hires A Fox To Guard The HIPAA Henhouse
Tuesday, January 15th, 2008
Man Pleads Guilty To Loading Keylogger Software On Public Computers Worldwide To Collect PII and Commit Fraud
Monday, January 14th, 2008
Here’s another good example of an actual cybercrime that was allowed to occur because of poor safeguards on computers provided for public use.
On January 9, 2008, Mario Simbaqueba Bonilla pleaded guilty to installing keylogger software on hotel business center and Internet cafe computers located in hotels throughout the world that allowed him to access the bank and other financial accounts of over 600 individuals.
Insider Threat Example: Programmer Sentenced To 30 Months In Jail And $81,200 Fine
Sunday, January 13th, 2008
Here’s a case I blogged about almost exactly a year ago, but it is worth revisiting since the sentencing for the crime was just handed down and it was significant. If you haven’t already, put this in your file of actual examples to incorporate into your information security and privacy awareness and training activities and content.
On January 8 a federal court in Newark, New Jersey, sentenced Yung-Hsun “Andy” Lin, a former systems administrator for Medco Health Solutions Inc., to 30 months in prison for transmitting computer code intended to wipe out data stored on Medco’s network, composed of more than 70 servers.
Terrorists Over 50 Don’t Fly According To The DHS
Friday, January 11th, 2008
New FTC Spam & Phishing Report
Wednesday, January 9th, 2008
On December 28 the U.S. Federal Trade Commission (FTC) made a new report available to the public, “Spam Summit: The Next Generation of Threats and Solutions.”
The report describes the findings from a July 2007 workshop the FTC hosted, and proposes follow-up action steps to mitigate the damages caused by malicious spam and phishing.
Egregious Privacy Infringement: Fire Chief Emails Photo Of Topless Crash Victim
Tuesday, January 8th, 2008
Here is an example of how personnel can take photos and videos and completely invade the privacy of others, particularly those who have no voice to say stop.
A Central Florida fire chief will likely lose his job for widely emailing photos from a crash scene of a female victim that included a view of her exposed breasts as paramedics were attending to her.
E-Discovery Decision Demonstrates Need For Effective Retention Practices: A Great Case Study For E-Discovery Training
Monday, January 7th, 2008
I’m still catching up on December news…and I ran across a significant e-discovery ruling. The U.S. District Court for the Central District of California ruled December 13, 2007, that Justin Bunnell/www.TorrentSpy.com was guilty of “willful spoliation of evidence” violating the E-Discovery Rule in the suit Columbia Pictures, Inc. brought against them for copyright infringement.
Reading through the court records, it is really amazing how blatantly the defendant violated what seemed to be almost every e-discovery rule possible in this situation. They…
Privacy, The 5th Amendment And PGP Passwords
Sunday, January 6th, 2008
While doing some encryption research I ran across this Vermont ruling made on November 29, 2007.
It provides some good lessons about computer forensics and investigation and password management.