New Cybersecurity Bill of Rights Announced by NAIC
The National Association of Insurance Commissioners (NAIC) has chosen National Cybersecurity Awareness month to announce a new bill of rights aimed at protecting consumers, which sets new standards for insurers to follow, and protects subscribers whose personal information is exposed in an insurance data breach. The new cybersecurity bill of rights has been summarized in a PDF file which is available for viewing and download on the NAIC website. The document outlines the rights of consumers following a data breach that exposes personal information. While the new bill of rights has now been made available, how it is applied may actually vary depending on where insurance consumers live, as consumer rights will still be governed by data breach laws in each state. Monica J. Lindeen, the Montana Insurance Commissioner and current NAIC president, spoke of the new bill of rights earlier this month. “Cybersecurity is one of the biggest challenges facing businesses today and this is one of our association’s key priorities,” she went on to say, “Our commitment to strengthening the...
Android Smartphone Security Continues to Cause Concern
How Secure is an Android Smartphone? Android Smartphone security continues to cause concern, even after Google’s decision to start issuing monthly security updates for the Android platform. Fears about Android device security were not alleviated by a new University of Cambridge (UK) study (partially funded by Google) which suggests that despite the new monthly security updates, 87.7% of Android Smartphones contain at least one critical security vulnerability. Study Confirms Serious Android Smartphone Security Issues The study involved researchers collecting version numbers and build numbers of over 20,400 devices, via the Device Analyzer App available through Google Play Store. Each phone was also tested against 13 known “critical” security vulnerabilities. The study looked at different Android mobile phone manufacturers and assessed the security of the devices, revealing there are considerable differences in the degree of protection offered to users. Each manufacturer was assigned a security score by the research team, the calculation of which involved an analysis of a number of...
PHI of 1,615 Medicaid Patients Potentially Exposed by NC DHHS
The North Carolina Department of Health and Human Services (NCDHHS) has started sending breach notification letters to 1,615 patients alerting them to a breach of their Protected Health Information (PHI), following an internal breach of security protocol. NCDHHS Spokeswoman, Kendra Gerlach, issued a statement yesterday announcing the data breach, which occurred on August 19, 2015. Under the regulations laid down by the Health Insurance Portability and Accountability Act’s Breach Notification Rule, covered entities are allowed up to 60 days to alert the Office for Civil Rights, media, and patients of PHI. This is a maximum time limit. The Breach Notification Rule also says that notices must be issued to patients without unreasonable delay. The notice was issued very close to the 60-day deadline, although the delay was explained by Gerlach as being necessary as NCDHHS “must investigate thoroughly and ensure there is full understanding before determining next steps [to take].” The security breach was caused when an employee sent an email to the Granville County Health...
SecurityMetrics Reports on HIPAA Security Rule Compliance
What steps are U.S healthcare organizations taking to ensure HIPAA Security Rule compliance? How well are HIPAA rules understood? Are healthcare providers actually now compliant with HIPAA Rules? These questions will naturally be answered when the Office for Civil Rights compliance audit program recommences early in 2016. In the meantime, SecurityMetrics – a Utah-based merchant data security and compliance company – decided to get some answers now and conducted a survey of health IT professionals to gain a better understanding of the general state of HIPAA compliance among healthcare organizations. Attitudes on HIPAA-Compliance Probed Security Metrics compiled a survey to probe attitudes on common patient health data protection issues, network security measures used to safeguard data, and other security issues such as Wi-Fi encryption. The aim was to gain a better understanding of the efforts U.S healthcare organizations are making to comply with the HIPAA Security Rule. Over 300 healthcare professionals took part in the survey and were asked over 40 questions relating to...
Unencrypted Laptop Theft Exposes PHI of 9,300 University of Oklahoma Patients
Lightening does strike twice, at least in Oklahoma it would seem, where yet another unencrypted laptop has been stolen from the car of a University of Oklahoma (UO) physician, this time exposing the Protected Health Information (PHI) of 9,300 patients, adding to the 7,693 victims created by the last UO unencrypted laptop theft, reported in July. If the Department of Health and Human Services’ Office for Civil Rights has not yet investigated the previous breach – suffered by the University of Oklahoma’s College of Medicine’s Department of Obstetrics and Gynecology – this additional laptop theft may well move the investigation up the priority list. This time around, the security breach hints of HIPAA violations. University of Oklahoma HIPAA Breach? In the latest case, UO was unaware that the Department of Urology physician in question was storing patient data on the laptop, which was in violation of internal data security policies. The breach notice was issued almost three months after the theft occurred, suggesting a violation of the HIPAA Breach Notification Rule. UO...



