A data and privacy breach comprising more than 33,000 patient records, of patients housed at he Martin Luther King, Jr. Multi-Service Ambulatory Care Center (MLK-MACC) in South Los Angeles has been reported by the he Los Angeles County Department of Health Services (DHS) and the Los Angeles County Sheriff’s Department (LASD) and restulted in a suspect being arrested.
The files in question, which have been stored in a secured and locked location have been reported missing on July 29. An immediate search of MLK-MACC campus has been launched for the missing files. Read more
As some of you may know, the Stuxnet worm (and Conficker) has been running amok on both private and corporate networks. The malware spreading via USB devices is always the source of new threats. The latest development of Stuxnet exploits zero day vulnerabilities to target supervisory control firms and data acquisition (Scada) and other industrial systems. Such systems are being used to control pipelines’ pressure or motor work rates on industrial factory floors. Typical environments can be oil pipelines and power-plants, factories etc.
Conficker/Stuxnet detects platforms with Scada systems installed on and uses Windows vulnerabilities to gain access and spread through the network. In the light of current events and the continuous spread of the worm through USB ports and USB portable devices, endpoint security and data loss prevention solution developer CoSoSys has created a four-step strategy against Stuxnet that’s extremely easy to implement: Read more
Federal prosecutors have stated that a former employee of the University of Pittsburgh Medical Center has been indicted for the alleged theft of patient data. This is the first HIPAA-related prosecution in Western District of Pennsylvania.
Paul C. Pepala, 34, of Monroeville, PA, faces 14 counts related to the alleged disclosure of patients’ data for personal gain in February 2008, when he was an employee at UPMC Shadyside Hospital. The indictment lists Pepala as the sole defendant. Read more
Last week, a worm called “Here you have” has started spreading. Among the first targeted companies was Intel. The damages were minor, in part because of the companies traditional defenses, but mainly because of well trained employees. Malcom Harkins, chief information security officer at Intel states that the employees started calling IT as soon as they saw the worm.
“The employee base saw it, they reacted really quickly, and helped us contain it by alerting us to it and then telling others not to click on it,” Harkins says.
Due to the fact that mobile devices nowadays allow more and more people to work from virtualy anywhere, companies need to start treating their employees as security partners. Read more
These systems have a mainly industrial usage. They are being used to control pipelines’ pressure or motor work rates on industrial factory floors. Typical environments can be oil pipelines and power-plants, factories etc. Read more
Although C-level management recognizes the importance of information security, companies all around the UK plan to reduce their information security costs. This rumour is backed up by a survey released by PricewaterhouseCoopers (PwC), which states that budget increases for information security costs is a priority for less then one third (31%) of the UK-based companies. The international average is 52%.
The importance of strategic approach to information security has been increasingly understood by the majority of senior levels despite stringent budget and cost reductions. A statement by William Beer, director of PwC’s OneSecurity practice, shows that high profile incidents in this field, such as the one that led to a fine of £2.3m payed by Zurich Insurance have helped the earlier mentioned senior levels to acknowledge the importance of information security. Read more
Panic grows among 7,000 students that are attending City College of New York as this week they have been notified by the school’s officials that a laptop theft may cause public exposure of their private details, including names and social security numbers.
The computer was stolen a couple of weeks ago, according to a post published by the Educational Security Incidents (ESI) blog. The data of the computer was not encrypted, but only password protected. CCNY officials found no evidence that any of the data has been used for identity theft or other illegal endeavors. Read more
An USB stick belonging to the Manchester Police and containing over 2,000 pages of highly-sensitive and confidential information has made is way to the Daily Star news room, after apparently being dumped in the street close to the Stalybridge police station near Manchester. According to the Daily Star, the files stored on the memory stick contained anti-terrorism information, including strategies for acid and petrol bomb attacks, blast control training and the use of batons and shields.
“Describing its contents as “an essential reference for all officers”, it goes on to outline methods to combat football violence, riots, public disorder and how to deal with violent people when entering a room.
Produced by the National Police Improvement Agency, the files, bearing the title Manual On Guidance Of Keeping The Peace, cover all aspects of counter terrorism and “tactical deployment”.
The Greater Manchester Police replied the Daily Star accusation by refusing to confirm the ownership of the memory stick. Read more
A laptop computer stolen last month endangered the personal information of over 8,300 current and former students and employees of P.K. Yonge Development Research School, a kindergarten-through-grade-12 laboratory school affiliated with University of Florida’s College of Education.
The files stored on the stolen laptop contained employee payroll, employee parking permit and student information dating back to 2000, along with names, Social Security numbers and, in some cases, Florida driver’s license numbers. PK Yonge officials have confirmed that no student academic or medical records, nor any credit card details, were on the computer. Read more