Last month, the Health Information Trust Alliance published an analysis of the 108 breaches reported to HHS from Sept. 23, 2009 (when reporting first started under the HITECH Act) to mid-July.  This review illustrates the major impact of theft on healthcare providers.   Of 108 total reported breaches, 68 were the result of theft.  Indeed, the only [...]

According to a story published today in the News Journal, Aon Consulting is mailing letters to approximately 22,000 State of Delaware retirees after it inadvertently posted social security numbers, gender information and dates of birth in a Request for Proposal (RFP) the company prepared for the State.  The RFP information was posted by AON to the procurement [...]

In a pair of articles sent out by CNA to its law firm insureds, two large law firms showcase (by way of their privacy and risk management departments) the rising data loss exposures faced by all law firms.  An article written by seasoned privacy attorneys from Hunton & Williams provides “an overview of key privacy and information security issues impacting the practice [...]

Two recent articles have come up with differing viewpoints regarding the merits of buying network security and privacy (NSAP) insurance.  On the one hand, an article in Network World has taken the position that it is almost foolish not to have NSAP insurance given the potential damages, increasing threats and the inability to safeguard against all such [...]

According to the 2010 HIMSS Analytics Report: Security of Patient Data, even though providers continue to update their security infrastructure, patient data remains at serious risk.  And, despite new statutory requirements for healthcare privacy and security, these critical gaps remain.  The study’s conclusion is not that surprising given new healthcare breaches are being reported on a daily basis. One improvement that can be immediately implemented with little [...]

A recently disclosed $10 million data breach expense bill raises an issue that has been percolating the network security and privacy (NSAP) insurance marketplace for several years now.  The publicly disclosed expenses involve BlueCross BlueShield of Tennesee (BCBST). According to BCBST, in October 2009, “57 hard drives containing audio and video files related to coordination of [...]

Using a lavish press conference as the backdrop, HHS officials announced yesterday proposed changes to the HIPAA regulations as well as an updated web page listing those breaches impacting more than 500 individuals.  The purpose of the new Rules issued yesterday is to align the HIPAA rules with the HITECH Act passed last year.   Specifically, the press announcement states:  The [...]

Taking advantage of a federal law passed last year, Connecticut’s Attorney General, Richard Blumenthal, announced yesterday a settlement with HMO Health Net that includes a corrective action plan, a $250,000 payment to the State of Connecticut (with an additional potential pot of $500,000), and increased credit monitoring and ID theft insurance to potential victims.  According [...]

In the recently published Symantec survey of 2,500 executives with responsibility for IT security – half from companies of less than 100 employees – cyber-attacks were ranked as their top business risk.  And, of those polled by Symantec, 74 percent said they were “somewhat or extremely concerned” about losing sensitive electronic data.  In fact, 42 percent lost confidential [...]

The recently released Carnegie Mellon CyLab 2010 Corporate Governance survey confirms that there is little change in senior management’s views towards data security – it’s not really a priority.   The CyLab annual survey, which measures board and management attitudes towards the protection of digital assets, is based upon results received from respondents at the board or [...]