Posts Tagged ‘privacy risks’
Saturday, January 3rd, 2015
Yesterday I read a news story about how a woman, Mrs. Anita Chanko, saw an episode of the Dr. Oz show “NY Med” that included video of her husband, who had died 16 months earlier, in the hospital receiving care after being hit by a truck while crossing the street. She did not know that such a video even existed.
The picture was blurred, but the woman knew it was her recently deceased husband because she recognized his voice when he spoke, the conversation topic, the hospital where the care was occurring, along with other visual indicators. She heard her husband ask about his wife; her. She then watched his last moments of life, and then his death on television. (more…)
Tags:ABC, Chanko, Dr. Oz., HIPAA, HITECH, Information Security, infosec, medical devices, NewYork-Presbyterian Hospital, NY Med, patient information, personal information, PHI, privacy, privacy professor, privacy risks, privacy rule, privacyprof, protected health information, Rebecca Herold, security rule
Wednesday, December 24th, 2014
Last week fellow IBM Midsize blogger Jason Hannula wrote about Gartner’s prediction that by 2018 more than 50% of all folks will use their mobile computing devices in the workplace before, or instead of, using a desktop or laptop. That’s just three short years away. We already have an abundance of mobile devices being used in a wide range of industries. (more…)
Tags:awareness, BYOD, computing devices, Dropbox, Google Docs, IBM, Information Security, information security policies, information security risks, information security training, infosec, midmarket, privacy, privacy policies, privacy professor, privacy risks, privacy training, privacyprof, Rebecca Herold, risk management
Thursday, December 18th, 2014
Have you made plans for Data Privacy Day (DPD) yet? What, you’ve never heard of DPD? You can see more about it here. Or, have you heard about DPD, but you’ve not yet had time to plan for it? Well, I love doing information security and privacy awareness activities and events! I’ve been doing them for 2 ½ decades, and have written about them often, and included a listing of 250 awareness activities in my Managing an Information Security and Privacy Awareness and Training Program book.
Here are five of the ways that I’ve found to be very effective for raising privacy awareness throughout the years. (more…)
Tags:Data Privacy Day, Dell, dpd, Information Security, information security risks, infosec, personal information, policies, privacy, privacy awareness, privacy information, privacy professor, privacy risks, privacy training, privacyprof, procedures, protecting information journal, Rebecca Herold, risks, sensitive information, sensitive personal data, training
Thursday, December 18th, 2014
Once or twice a week I get a question from an organization that is considered to be a healthcare covered entity (CE) or business associate (BA) under HIPAA (a U.S. regulation) asking about the types of information that are considered to be protected health information (PHI). Last week a medical devices manufacturer, which is also a BA, asked about this. I think it is a good time to post about this topic again.
If information can be (more…)
Tags:HIPAA, HITECH, Information Security, infosec, medical devices, patient information, personal information, PHI, privacy, privacy professor, privacy risks, privacy rule, privacyprof, protected health information, Rebecca Herold, security rule
Thursday, December 11th, 2014
Seeing all these really bad information security incidents and privacy breaches, often daily, is so disappointing. Let’s consider these four in particular.
- The Sony hack that seems to continue to get worse as more details are reported.
- An ER nurse using the credit cards of patients.
- Breaches of Midwest Women’s Healthcare patient records due to poor disposal practices at the Research Hospital.
- TD Bank’s outsourced vendor losing two backup tapes containing data about 260,000 of their customers.
And the list could continue for pages.
These incidents, and most others, probably could have been prevented if an effective information security and privacy management program existed that was built around three primary core elements: (more…)
Tags:awareness, BA management, healthcare, IBM, Information Security, information security policies, information security risks, information security training, infosec, midmarket, outsourcing, privacy, privacy policies, privacy professor, privacy risks, privacy training, privacyprof, Rebecca Herold, risk management, Sony, TD Bank, vendor management
Wednesday, December 10th, 2014
This year Admiral Mike Rogers, the current Commander, U.S. Cyber Command and Director, National Security Agency/Chief, Central Security Service, gave the luncheon keynote address at the U.S. Chamber of Commerce’s Third Annual Cybersecurity Summit, “Sharing Cyber Threat Information to Protect Business and America.” You can find it at: (more…)
Tags:Admiral Rogers, Dell, Information Security, information security risks, infosec, NSA, personal information, policies, privacy, privacy information, privacy professor, privacy risks, privacyprof, procedures, Rebecca Herold, risks, sensitive information, sensitive personal data, training
Wednesday, December 3rd, 2014
I am intrigued by the new social collaboration tool, Verse, which IBM just released that is reportedly intended to reinvent email. Quite a lofty, but worthwhile, goal considering email hasn’t significantly changed since the move from a mainframe-based character viewing system to client-based file attachment capabilities! I decided to take a quick look at the issues in the description of Verse that would most impact security and privacy. After a cursory look at the Verse site and a news release about it, here are some of my thoughts. (more…)
Tags:awareness, IBM, Information Security, information security risks, infosec, midmarket, privacy, privacy professor, privacy risks, privacyprof, Rebecca Herold, Verse
Saturday, November 29th, 2014
It is that time of the year again…time for prognostications about the year ahead!
I was asked to provide a few predictions for 2015. Based upon not only what I’ve seen in 2014, but also foreshadowing from the past two to three decades, here are some realistic possibilities. (more…)
Tags: 2015 predictions, big data, big data analytics, breaches, Dell, FDA, FTC, HHS, HITECH, Information Security, information security risks, infosec, Internet of Things, IoT, personal health records, HIPAA, personal information, PHR, policies, privacy, privacy breach, privacy information, privacy professor, privacy risks, privacyprof, procedures, Rebecca Herold, risks, sensitive information, sensitive personal data, training
Monday, November 24th, 2014
When was the last time you made a backup of all your data? How often do you make incremental backups? Do you keep these backups on a separate storage device and disconnected (or firewalled away from) the rest of your network?
“Say, why do you ask?”
The primary reason I’m asking right now is because ransomware is growing rapidly in occurrences; over 700% from last year. Three of the best ways you can help defend against it are by: (more…)
Tags:awareness, Cryptolocker, IBM, Information Security, information security risks, infosec, malware, midmarket, privacy, privacy professor, privacy risks, privacyprof, ransomware, Rebecca Herold, training
Tuesday, November 4th, 2014
Earlier this year after a session I gave at a conference, an attendee who was new to information security, and had just been assigned this responsibility at a mid-sized organization in the healthcare industry, asked if he could visit with me for a while about risk management. Well, of course! During the course of our conversation I learned that he had gotten some very bad advice about risk management in general, and risk assessments in particular. I know from reading various comments throughout the social media discussion sites that bad advice is becoming far too common, with many (more…)
Tags:compliance, compliance documentation, documentation, HIPAA, Information Security, information security risks, infosec, midmarket, policies, privacy, privacy professor, privacy risks, privacyprof, procedures, Rebecca Herold, risk assessment, risk management, risks, SIMBUS, training