The precision medicine initiative (PMI) is a program being promoted by the White House which consists of technology, patients, big data, researchers and security to push the current limits of health care treatment.
The shift to running POS applications on mobile devices has allowed businesses to become more agile, user-friendly and profitable. The shift raises major concerns, however, about putting certain applications and processes within a mobile environment without the proper protection and due diligence. That's what makes the security of mobile POS (mPOS) such a hot topic.
Penetration testing is an extremely important aspect of an information security program and just so happens to be a requirement of PCI. Throughout this blog we’ll explain what penetration testing is and review what’s expected of you from a PCI perspective. This is an important topic that assists with finding risks within your infrastructure and promotes better overall security throughout your environment.
When your health care company experiences a data breach, which could include the loss of protected health information (PHI), passwords, intellectual property, internal disclosures etc., you may face stiff penalties and fines if you are found non-compliant with HIPAA. These fines, along with lawsuits, drive the cost of a health care breach into the stratosphere.
Hot on the heels of Braintree's acquisition by PayPal, 3 of the major card brands - Visa, Mastercard, and American Express - have announced a joint effort to create their own token-based standard for securing ecommerce transactions. No word on why Discover was left out of the party.
Our team has been very busy with a wide variety of assessments and special projects. One such project involved revamping the MegaplanIT website. Another big project is getting our clients up to speed with the new PCI-DSS 3.1 standard.
Clients often ask us "If we had one more dollar to spend on IT security, where should it go?" In today's web-driven world, with new technologies and threats emerging all the time, there is always one constant element - your employees. These are the people interacting with strangers on the phone, multi-tasking on multiple password-protected sites or internal networks, and otherwise keeping an eye on the shop. Your dollar would be well spent, we reply, on Security Awareness Training to help employees avoid causing breaches, and developing an Incident Response Plan to reduce costs associated with a breach. Why are these two programs worth budgeting for?
The same elite squad of (Chinese?) hackers that aimed their digital cross-hairs at Facebook has been blamed for targeting a group of corporate Apple users via their Macs' Java browser plug-in. While no data was stolen, the event prompted Apple to release an update to Java that would close the vulnerability. All Mac users are strongly advised to download the patch.
Evernote, the software that helps users take notes and conduct research, was recently hit by hackers. The company is forcing its members, upwards of 50 million users, to change their passwords ASAP. The malicious individual(s) responsible gained access to usernames, passwords, and email addresses. Evernote is in good company, as recent hacker attacks have targeted sites like Facebook, Apple, Twitter, and Microsoft.
If you haven't already heard, Big Data is becoming a rather big deal. Managing massive data sets and correlating trends using deep-rooted analytical tools is already opening doors in the way businesses are solving problems and improving their customer service. These trends are going to grow, but recently a prime example of the way Big Data is currently being used was brought to our attention thanks to Netflix and their original series, House of Cards.
Last week, Twitter announced that it had discovered a data breach and upwards of 250,000 accounts had been compromised. Twitter user details included the usual suspects: usernames, emails, session tokens and encrypted/salted copies of passwords. Twitter was quick to respond, notify those affected, and begin the process of implementing more stringent password protection policies. With that said, it's a good time for all of us to review our social media profiles and ensure that processes you have in place are going to help defend your business data and online reputation.
After a new medical management tool developed by Philips was found to be full of vulnerabilities, the Department of Homeland Security (DHS) and the Food & Drug Administration (FDA) rushed in to force the manufacturer to correct the issues. The Xper system is not the first medical device to be found with exploits, which is frightening considering the deadly consequences.
File this in the "Good to Know" category. Most people are unaware that just about every photo copier machine built since the early '00s contains a hard drive. These drives not only store settings and profiles, but they also keep a copy of every single document scanned into the machine. As this video from CBS shows, the amount of information stored on these photo copiers is staggering. From police files to health records, photo copiers see (and remember) everything.
If you're like most IT security officers or business owners, you are striving to avoid any "hiccups" with this year's information security and/or compliance assessment. MegaplanIT's team of QSAs and auditors always stress that continuous monitoring is key to successful risk management, but there are a few other checklist items that, if implemented throughout the year, may just reduce the level of effort required by your auditor - which should save you time and money!
Most business owners are creating their budgets for 2013, and IT security compliance continues to demand a sizable chunk of operational expenses. To help these business owners focus their IT budget on maximizing data security and risk management, which will enable compliance costs to be reduced, we offer a few New Year's resolutions.
A report in the Washington Post highlights what many in the IT security field have been discussing for months: the lack of even basic security protocols and procedures at well-established health care facilities to protect patient data from falling into the hands of criminal enterprises. Will 2013 be the year that the health care sector gets serious about defending patient data, or will the hackers continue to steal PHI at ever increasing frequencies?
In September 2011, a hacker managed to infiltrate the Abilene Telco Credit Union and got his hands on data from hundreds of Experian credit report users, even those that had never done business with the Texas bank. Using a compromised employee's computer, the individual made away with Social Security numbers, dates of birth, and other sensitive information on over 800 people. Since 2006, Experian's databases have been breached on numerous occasions, leading the US government - and an angry public - to discuss the amount of information credit bureaus retain and how best to stem the tide of breaches.....