Healthcare
From the Web
Coalition for Patient Privacy Calls on HHS to Repeal the Breach Notification Rule
October 28, 2009 from: Office of Inadequate Security
The Coalition for Patient Privacy urges the Department of Health and Human Services to revise and repeal the interim final rule (IFR) establishing requirements for notification of breaches of unsecured protected health information.
Where are the DBAs?
October 07, 2009 Added by: Michael Menefee
What I really want to know is this: Where are the Database Admins (DBAs) these days? I can't tell you how many times in the past 18 months that I’ve found real enterprises running vulnerable databases with default passwords, weak passwords and no real permissions management.
From the Web
Highmark changes its procedures in wake of BCBS breach
October 07, 2009 from: Office of Inadequate Security
that their Social Security numbers or tax ID numbers were on the stolen laptop containing their unencrypted data. A BCBS employee had reportedly breached policy by downloading the unencrypted database to a personal computer that was later stolen from the employee’s vehicle.
From the Web
850,000 doctors could be hit by potential data breach
October 06, 2009 from: Office of Inadequate Security
A file containing identifying information for every physician in the country contracted with a Blues-affiliated insurance plan was on a laptop computer stolen from a BlueCross BlueShield Assn. employee. It is not yet known whether any identity theft has resulted from the data breach.
From the Web
Website exposes sensitive details on military personnel
September 08, 2009 from: Office of Inadequate Security
Programming errors on a website that helps commuters carpool to work are exposing sensitive information of workers for hundreds of employers in Southern California, including at least one military installation.
From the Web
Email Obfuscation and Spam Robots
September 08, 2009 from: Rsnake's blog at ha.ckers.org
I’ve long been interested in spam and robots that scrape for email addresses. I’ve done tons of work in the space, although I’ve never published any of it. Call it more of a side hobby than anything I really want to go public with - as it is with a lot of my research
From the Web
Digital Direct reports breach
September 05, 2009 from: Office of Inadequate Security
Chris Cooper of Bloomberg.com reports that Digital Direct, Inc., a unit of Mitsubishi Corp., had a breach of their e-commerce web site that resulted in the compromise of 52,000 customers’ credit card numbers.
From the Web
Helping users keep plugins updated
September 04, 2009 from: Mozilla Security Blog
Starting with the upcoming releases of Firefox 3.5.3 and Firefox 3.0.14, Mozilla will warn users if their version of the popular Adobe Flash Player plugin is out of date. Old versions of plugins can cause crashes and other stability problems, and can also be a significant security risk.
From the Web
Best of Application Security (Friday, Sep. 4)
September 04, 2009 from: Jeremiah Grossman's Blog
Ten of Application Security industry's coolest, most interesting, important, and entertaining links from the past week -- in no particular order. Regularly released until year end. Then the Best of Application Security 2009 will be selected!
From the Web
Announcement Regarding The October 2009 Critical Patch Update
September 03, 2009 from: The Oracle Global Product Security Blog
Because many Oracle customers with responsibility for deploying the Critical Patch Update within their respective organizations will be attending Oracle OpenWorld on October 11-15, 2009, the October 2009 Critical Patch Update originally scheduled to be published on Tuesday, October 13th 2009, will be released on October 20th 2009.
From the Web
Two to plead guilty to fraud, HIPAA violations
August 31, 2009 from: Office of Inadequate Security
United States Attorney Joyce White Vance announced that Isaac Earl Smith, 38, and Annetra Poole-Moore, 37, have agreed to plead guilty to federal crimes involving health care fraud, disclosures prohibited by the Health Insurance Portability and Accountability Act (HIPAA), and aggravated identity theft.
From the Web
Whistleblower lawsuit against Kaiser (updated)
August 10, 2009 from: Office of Inadequate Security
At a time when concerns about the privacy and security of electronic health records are a hot topic and the issue of private vs. public health insurance is making the front pages, a lawsuit filed by a former Kaiser employee alleges that Kaiser knowingly and repeatedly violated HIPAA, exposed millions of members to identity theft, and ripped members off by not keeping track of deductibles and co-pa...
OWASP Testing Guide Version 3
August 03, 2009
This is an excellent resource on the process of testing web applications for security vulnerabilities/general insecurities... this is by no means exhaustive nor perfect for every environment, but a valuable read for anyone who manages or tests web applications.
From the Web
Carrell Clinic guard indicted
July 31, 2009 from: Office of Inadequate Security
A federal grand jury in Dallas has returned an indictment charging an Arlington, Texas, man, who worked as a contract security guard at the Carrell Clinic on North Central Expressway in Dallas, with felony offenses related to his compromising and damaging the hospital’s computer system, announced Acting U.S. Attorney James T. Jacks of the Northern District of Texas. Jesse William McGraw, a/k...
From the Web
Leahy reintroduces data breach bill
July 23, 2009 from: Office of Inadequate Security
Senate Judiciary Chairman Patrick Leahy (D-Vt.) has reintroduced a data breach bill that would set tougher rules for government agencies and private sector firms regarding consumers’ personal information.