February 01, 2007 | SC Media

Print Issue: February 01, 2007

Organizations turn to new techniques to fight financially motivated attacks

When the University of California, Los Angeles (UCLA) recently announced that hackers had compromised a database of more than 800,000 people associated with the university, perhaps one of the most shocking aspects of the event was how long the bad guys had gone undetected. The hackers accessed information for over a year before security personnel at UCLA suspected any malfeasance.

Health care: Where are the penalties for failing to comply with HIPAA?

Ten years after its ratification, there’s little doubt that the Health Information Portability and Accountability Act (HIPAA) has provided a strong framework for protecting patients’ sensitive medical information against data security threats. What’s just as certain, however, is the dramatic way in which HIPAA has changed the lives of the IT professionals in health care organizations charged with implementing the technology supporting the federal legislation.

Health care: Providers fight internal threats with an eye on HIPAA

Each year hundreds of millions of dollars are spent on technology to ward off hackers, viruses, worms, trojan horses and other “barbarians at the gate.” Yet as CISO for one of the nation’s leading employee benefits organizations, it’s not the threat of outside intruders that keeps me awake at night. Today, many of the biggest risks are internal — employees who through mistakes, mischief or malfeasance can cause serious damage to security of our systems and to sensitive data. This includes well-intentioned employees trying to do their job but who, by not following key policies, invite significant risk.

Is your provider following the rules?

This month we take a look at the health care markets progress in protecting critical data. Its our first such special section devoted to a particular marketplace and its advancements (or lack thereof) in safeguarding personally identifiable information.

News briefs

Attack targetsPayPal, Barclays Bank and eBay were the three firms most targeted by phishers last month, according to statistics compiled by PhishTank users. More than 2,200 validated phishing attempts targeted PayPal users. Suzanne and Mark Stocker (left) were victims of ID theft when one of Suzanne’s childhood friends hacked into their PayPal account and spent nearly $15,000.

Next post in Security News