By:
On:
In: *Connecting the Dots Blog*, Information Privacy, Information Security

  One of my last blogs discussed the risks of third-party contractors and their responsibilities for protecting information.  This blog will address yet another third-party risk – your janitors. A janitor was recently arrested for removing boxes of records from a Southern California health care clinic.  Interested only in getting money for the paper, the janitor sold 14 boxes of patient records to a recycling center for $40.  This janitor was not interested in identity theft, but the next one might be… In an earlier case, a janitor stole personal information from patient files at a Chicago hospital, participating in an identity theft ring thatRead More →

By:
On:
In: *Connecting the Dots Blog*, Emergency Management, Incident Reporting, Risk Management, School Safety

  Did you see the story from the San Jose International Airport this past weekend? Just before 3pm on Saturday, an SUV pulled up to the arrival curb outside Terminal A at Mineta San Jose International Airport.  Two men dressed in black got out of the SUV and approached the information desk to inquire about flight 1205 from Dallas.  Both men carried assault rifles that were strapped across their chests and they had handguns in their holsters. One of the volunteers politely asked if they were one of those people on planes that look for terrorists…one of the men simply answered no. The volunteers commentedRead More →

By:
On:
In: *Connecting the Dots Blog*, Human Resources, Information Security, Legal

  In a recent incident, a man called a 24-hour Wal-Mart in Ohio and explained to an associate that he was with Wal-Mart’s IT department and needed the associate to activate several gift cards, read to him the card numbers and then provide the authorization codes from the back of the cards.  The associate willingly did so – and not until $11,000 in online fraud later, did the store realize they had been tricked. This is a great lesson learned to share with your employees (and third-parties).  Do your employees understand your organization’s policies on providing/protecting information in different situations? The Wal-Mart caller did notRead More →

By:
On:
In: *Connecting the Dots Blog*, Information Privacy, Information Security, Legal, Regulatory Compliance

  A recent GAO report has revealed that federal agencies utilizing contracted workers are failing to implement contractual assurances with third-parties regarding the protection of sensitive information. GAO auditors examined the contracting practices of three of the largest federal agencies and of those three, only one (DHS) required third-party companies to sign standard contracts requiring the contractors to follow best practices in safeguarding sensitive information. In a recent data breach, a TSA contractor allegedly provided a Boston couple the social security numbers for more than a dozen TSA workers.  Third-parties are increasingly responsible for data breaches, but most often, the hiring agency or company willRead More →

By:
On:
In: *Connecting the Dots Blog*, Business Continuity, Emergency Management, Legal, Regulatory Compliance

  Most everyone has heard or muttered these words at some time or another: If I Knew Then What I Know Now…                                                                                                                                                                                                                          The saying is most often used when we look back at our life and we realize that if I knew then (when I was younger) what I know now (with more experience and wisdom), I may have made some different decisions. The saying also came to mind recently as we were reminded of the 9year anniversary of September 11th and the 5 year anniversary of Katrina and numerous other incidents that have provided experience and wisdom that we could have used before these eventsRead More →

By:
On:
In: *Connecting the Dots Blog*, Emergency Management, Incident Reporting, Risk Management

  Most everyone has heard or muttered these words at some time or another: If I Knew Then What I Know Now…                                                                                                                                                                                                                          The saying is most often used when we look back at our life and we realize that if I knew then (when I was younger) what I know now (with more experience and wisdom), I may have made some different decisions. The saying also came to mind recently as we were reminded of the 9year anniversary of September 11th and the 5 year anniversary of Katrina and numerous other incidents that have provided experience and wisdom that we could have used before these eventsRead More →

By:
On:
In: *Connecting the Dots Blog*, Information Security

  Dennis McCafferty of CIO Insight recently did a two part overview on Enterprise Security Risks and in part 2 he talked about the hottest security catch phrase of 2010 – Advanced Persistent Threat (APT). According to the overview, an Advanced Persistent Threat is an insidious attack by a well-funded, state-sponsored intelligence organization.  The overview goes on to describe how APT attackers are more patient than a bored Gen Y hacker or financially motivated crook. They are willing to slowly gather information and data from multiple sources and social media sites and then execute a targeted, social-engineering attack on their terms. Are bad guys out-thinkingRead More →

By:
On:
In: *Connecting the Dots Blog*, Incident Reporting, Workplace Violence

  What is your first thought when you hear the word WHISTLEBLOWER? Whistleblower definitions commonly say a whistleblower is any person that reveals wrongdoing or malpractices taking place within an organization.  And in many cases a whistleblower may face retaliation or other negative ramifications and by law may require special protection. What is your first thought when you hear the word HERO? Hero definitions run from mythical and legendary figures to a person that is admired for their achievements or noble qualities to a central figure in an event, period or movement. When is the last time you heard an organization promote their Hero Line? Read More →

By:
On:
In: *Connecting the Dots Blog*, Health Care, Incident Reporting, Legal

  A previous Lessons Learned Blog mentioned the Dodd-Frank Wall Street Reform and Consumer Protection Act and a special bounty program within the Act for whistleblowers.  Did you see it? An attorney at the Healthcare Financial Management Association’s Annual National Institute legal update says healthcare providers may be heading into a storm of whistleblower suits that could cause serious problems for the unprepared. The attorney predicts the new Patient Protection and Affordable Care Act could lead to an explosion of whistleblower lawsuits because the new law does not require the plaintiff to have direct knowledge of alleged fraud to file a suit. So if youRead More →

By:
On:
In: *Connecting the Dots Blog*, Information Privacy, Information Security, Legal, Regulatory Compliance, Risk Management

  Dissemination vs. Implementation The Veterans Affairs Department recently announced they will be publishing monthly online accounts of data breaches and lost BlackBerrys and laptops in order to improve accountability and increase transparency. What was shocking to me was that from April through July of this year, the VA has lost 72 BlackBerrys and 34 laptops.  Patient information has been sent to the wrong address or mailed incorrectly 441 times.  There were 9,746 breach incidents involving notifications to patients and 2,501 incidents in which credit reporting was required. Almost 10,000 breach incidents in 3 months!  What is wrong with this picture?  Instead of just disseminatingRead More →