By:
On:
In: *Connecting the Dots Blog*, Information Privacy, Information Security, Risk Management

  In my 30+ years of performing risk, vulnerability and threat assessments, I have always advised my clients to be really careful with whom they hire to for “maintenance and cleaning crews”.  This news about the Target data breach validates my advice.   According to news reports, the hackers that pulled off one of the largest and most expensive data breaches ever, did so by stealing/hacking credentials from Target’s HVAC subcontractor.  Once the hackers had the HVAC subcontractor credentials, they had access to Target’s network and were able to place their sophisticated malware…and you know the rest of the story.   This ‘Connecting the Dots’Read More →

By:
On:
In: *Connecting the Dots Blog*, Information Privacy, Information Security, Regulatory Compliance

  The HHS Office for Civil Rights is asking for $46.7 million in funding, an increase of $5.6 million over the current level.  76 percent of the new funds will be for increased enforcement of health information privacy and security rules. Lessons Learned:  Increased enforcement of existing and new regulatory requirements are on the way.  Is your organization prepared and meeting all compliance requirements for HIPAA/HITECH or are you willing to take your chances?  Based on numerous other lessons learned stories in this blog (search the Lessons Learned Blog for your sector or other keywords), getting your compliance program in shape sooner than later makesRead More →