HITECH Act: What You Need to Know About New Data-Breach Guidelines
THU, OCTOBER 29, 2009 — Network World — Healthcare providers and others handling sensitive patient data are now finding the stakes raised if they suffer a data breach because of a new law known as the "Health Information Technology for Economic and Clinical Health Act," or HITECH Act.Enterprise Data Security: Definition and Solutions Slideshow: When Rogue IT Staffers Attack: 8 Organizations That Got Burned Passed by Congress in February, the HITECH Act is now coming into enforcement by the U.S. Department of Health and Human Services (HHS) and the Federal Trade Commission (FTC), which each have been given a role to play under the law, potentially levying punishments and fines on organizations that stumble in protecting personal health information.
Depending on whether a data breach arises from a simple mistake to willful theft, fines will range in tiers from as low as $100 per violation for a slip-up regarding unencrypted data to $1.5 million or more for knowingly and willfully violating the data-breach rules, say those familiar with the HITECH Act.
"Under the HHS rule, you have to figure out if you had a data breach," says Rebecca Fayed, attorney-at-law firm Sonnenschein, Nath & Rosenthal's healthcare group division in Washington, D.C.. But the new rules, which cover both electronic and paper formats, are far from simple. More...
10-29-2009 10:36
China Expands Cyberspying in U.S., Report Says
WASHINGTON -- The Chinese government is ratcheting up its cyberspying operations against the U.S., a congressional advisory panel found, citing an example of a carefully orchestrated campaign against one U.S. company that appears to have been sponsored by Beijing.The unnamed company was just one of several successfully penetrated by a campaign of cyberespionage, according to the U.S.-China Economic and Security Review Commission report to be released Thursday. Chinese espionage operations are "straining the U.S. capacity to respond," the report concludes. More...
10-22-2009 10:37
Big-Box Breach: The Inside Story of Wal-Mart’s Hacker Attack
Wal-Mart was the victim of a serious security breach in 2005 and 2006 in which hackers targeted the development team in charge of the chain’s point-of-sale system and siphoned source code and other sensitive data to a computer in Eastern Europe, Wired.com has learned.Internal documents reveal for the first time that the nation’s largest retailer was among the earliest targets of a wave of cyberattacks that went after the bank-card processing systems of brick-and-mortar stores around the United States beginning in 2005. The details of the breach, and the company’s challenges in reconstructing what happened, shed new light on the vulnerable state of retail security at the time, despite card-processing security standards that had been in place since 2001.
In response to inquiries from Wired.com, the company acknowledged the hack attack, which it calls an “internal issue.” Because no sensitive customer data was stolen, Wal-Mart had no obligation to disclose the breach publicly.
Wal-Mart had a number of security vulnerabilities at the time of the attack, according to internal security assessments seen by Wired.com, and acknowledged as genuine by Wal-Mart. For example, at least four years’ worth of customer purchasing data, including names, card numbers and expiration dates, were housed on company networks in unencrypted form. Wal-Mart says it was in the process of dramatically improving the security of its transaction data, and in 2006 began encrypting the credit card numbers and other customer information, and making other important security changes. More...
10-13-2009 08:42
Current Focus
Latest News
- Google revamps search, tries to think more like a person
- Mac botnet generated $10,000 a day for Flashback gang
- Google view on mobile ads awaited at CEO's 1-year anniversary
- Breach Hits Card Processor Global Payments
- Foreign spies 'penetrate' US military networks
- New Interest in Hacking as Threat to Security
- Pakistan Builds Web Wall Out in the Open
- Computer spyware is newest weapon in Syrian conflict
- Google cookies 'bypassed Safari privacy protection'
- Google Wallet a security risk: researchers