Group items tagged

Data security represents both a new market opportunity to sell insurance coverage and a new risk - especially for independent insurance agencies that may not be compliant with data security laws or have plans in place to protect their own companies from data breaches. While data security is an evolving issue, failing to protect data can have a huge financial impact on a company. The average total per-incident cost of a data security breach was $6.65 million, compared to an average per-incident cost of $6.3 million in 2007, according to the "U.S. Cost of Data Breach Study" conducted by data protection company PGP Corp. and information management research firm The Ponemon Institute. The PGP/Ponemon study indicated that data breach incidents cost U.S. companies $202 per compromised customer record in 2008, meaning that companies incur additional costs with an abnormal churn in lost customers. More than 84 percent of data breach cases in 2008 involved organizations that had more than one data breach. And, more than 88 percent of all cases in the study involved insider negligence. The cost of lost business continued to be the most costly effect of a breach, averaging $4.59 million or $139 per record compromised. Lost business now accounts for 69 percent of data breach costs, up from 65 percent in 2007, compared to 54 percent in the 2006 study. "After four years of conducting this study, one thing remains constant: U.S. businesses continue to pay dearly for having a data breach," said Dr. Larry Ponemon, chairman and founder of The Ponemon Institute. "As costs only continue to rise, companies must remain on guard or face losing valuable customers in this unpredictable economy." Includes video: Data Security Creating Insurance Agent Sales Opportunities

In a study that is unlikely to find favor among privacy advocates, researchers from two academic institutions warned that increased efforts to protect the privacy of health data will hamper the adoption of electronic medical records systems. The study, conducted by researchers at MIT and the University of Virginia, said EMR adoption is often slowest in states with strong regulations for safeguarding the privacy of medical records. On average, the number of hospitals deploying EMR systems was up to 30% lower in states where health care providers are forced to comply with strong privacy laws than it was in states with less stringent privacy requirements. That's because privacy rules often made it harder and more expensive for hospitals to exchange and transfer patient information, thereby reducing the value of an EMR system, the study found.

Like this http://cheaptravelbooker.com Like this http://cheaptravelbooker.com like this http://killdo.de.gg travel,hotel,fun,hotel new,new offer,hotel best,best hotel,hotel travel,seo,backlinks,edu,gov,ads,indexing,bookmark,killgoggle,gogglesuck,goggle bookmark,kill goggle,yahoo,bing,indexing,quality links,linkwell,traffic boster,index best

A typical lost or stolen laptop costs employers $49,246, mostly due to the value of the missing intellectual property or other sensitive data, according to an Intel-commissioned study made public Wednesday. "It is the information age, and employees are carrying more information on their laptops than ever before," according to an analysis done for Intel by the Michigan-based Ponemon Institute, which studies organizational data-management practices. "With each lost laptop there is the risk that sensitive data about customers, employees and business operations will end up in the wrong hands." The five-month study examined 138 laptop-loss cases suffered over a recent 12-month period by 29 organizations, mostly businesses but also a few government agencies. It said laptops frequently are lost or stolen at airports, conferences and in taxis, rental cars and hotels. About 80 percent of the typical cost - or a little more than $39,000 - was attributed to what the report called a data breach, which can involve everything from hard-to-replace company information to data on individuals. Companies then often incur major expenses to prevent others from misusing the data. Lost intellectual property added nearly $5,000 more to the average cost. The rest of the estimated expense was associated with such things as investigative costs, lost productivity and replacing the laptop. Larry Ponemon, the institute's chairman and Advertisement founder, said he came up with the cost figure based on his discussions with the employers who lost the laptops. When he later shared his findings with the companies and government agencies, he said, some of their executives expressed surprise at the size of the average loss. But he noted that one of the employers thought the amount could have been even higher.

A recent data breach study commissioned by the state of Maine sheds light on the losses banks experienced as a result of the data breaches at TJX and Hannaford Brother's supermarkets. The state's banks said they incurred $2.1 million in expenses related to data breaches since January 1, 2007. The Hannaford breach had the largest impact, affecting 71 financial institutions and incurring $1.6 million in expenses according to the Maine Data Breach Study. Hannaford is based in Scarborough, Maine. The TJX breach accounted for $485,000 in expenses. The report was issued by the Main Bureau of Financial Institutions in November 2008. It studied the impact of data security breaches on Maine banks and credit unions. Fifty credit unions and 25 banks headquartered in Maine responded to the survey. Financial institutions reported more than 18 million records breached last year, according to the Identity Theft Research Center. The San Diego-based nonprofit found that data breach reports across five industry sectors jumped to 656 last year, up 47% from 2007. About 12% of the reports came from financial-services firms, up from 7% in 2007. In Maine, the Hannaford breach resulted in more than $318,000 in gross fraud losses, according to data reported by 22 financial institutions. More than 700 accounts were used to buy items fraudulently, although five of the 22 institutions that suffered a fraud loss did not report the number of accounts, according to the report. The Hannaford breach cost some banks as much as $58,000 to reissue credit cards to customers. Investigation expenses cost nearly $30,000 for some banks. Communication to customers cost nearly $28,000, some banks and credit unions reported. Fraud losses of nearly $45,000 were tied to the TJX data breach. The losses were reported by six financial institutions. The expenses for reissuing credit cards cost some banks as much as $32,000. Investigation expenses were as high as $21,000 for some banks. Communication to custom

More consumers are growing comfortable with online behavioral targeting, perhaps as a result of an increase in familiarity, but the majority remain uneasy with the practice. That's according to a new study conducted by TNS on behalf of the privacy group Truste. For the study, consumers were asked whether they agreed or disagreed with the statement: "I am comfortable with advertisers using my browsing history to serve me relevant ads, as long as that information cannot be tied to my name or any other personal information." Twenty-eight percent of respondents agreed, up from 24% who agreed when the same study was conducted last year. At the same time, 51% said they disagreed that they were comfortable with anonymous behavioral targeting. While that figure represents a slim majority, it's down from last year, when 57% of respondents said they disagreed. At the same time, more respondents than in the past now say they delete cookies. Almost half--48% of survey respondents--said they erase cookies at least weekly, up from 42% last year. It's not clear how much overlap there is between the respondents that regularly delete cookies and those who say they're uncomfortable with behavioral targeting. Colin O'Malley, vice president of strategic business at Truste, attributed the increase in the proportion of consumers who said they were comfortable with behavioral targeting to increased publicity over the issue. He said the recent attention to the issue in the mainstream media has helped to increase transparency. He added that the increased cookie erasures showed that consumers want to be able to manage their experience. "Cookie deletion is just one more indication that consumers are seeking tools to increase their level of control," he said.

The federal government has a key role to play in researching and organizing a national response to the problem of medical identity theft, authors of a government-funded study have concluded. Patients, providers, payers and other members of the healthcare community also must join in the effort to combat a problem that is serious, although as yet its scope is not fully known, the report stated. Contractor Booz Allen Hamilton released the report last week. It represents the final phase of the $450,000 study funded last year by the Office of the National Coordinator at HHS. The study consisted of three parts, the first being to review existing knowledge about medical identity theft as well as policies and practices to prevent it. Those findings were included in a research paper on the subject released last October. The second phase involved a public meeting Oct. 15, 2008, the same day the paper was released, to "open a dialogue about medical identity theft within the healthcare industry. The final phase, the 26-page report, includes 31 "potential actions," which are recommendations that could form a national policy on medical identity theft. While medical identity theft "may be categorized as healthcare fraud," according to the report, "there are unique and important distinctions of medical identity theft that need to become more commonly understood to address this issue effectively." One difference, the report authors noted, is that the primary motive behind healthcare fraud "is most often monetary gain, such as when fraudulent providers bill for more expensive services than those rendered. However, medical identity theft tends to be focused on the use of someone else's information to gain goods, services and healthcare." IT could hurt, help Therefore, undetected medical identity theft poses medical risks to its victims, since their medical records may contain inaccurate and potentially harmful information that may cause them not to be con

67% of French Organisations Hit By One or More Data Breach Incidents Within Last Twelve Months Research from Ponemon Institute Reveals that only 9 Percent of Respondents have an Overall Encryption Plan or Strategy Applied Consistently across the Enterprise PARIS and MENLO PARK, Calif., Sept. 9 /PRNewswire/ -- PGP Corporation, a global leader in enterprise data protection, has announced the results of its inaugural annual study by The Ponemon Institute, identifying the steps French organisations are taking in order to safeguard their confidential data. The 2009 Annual Study: France Enterprise Encryption Trends study, which polled 414 IT security professionals at enterprises and public sector organisations, found that 67 percent of French organisations have been hit by at least one data breach incident within the last year, with 18 percent having been hit by more than five incidents. A massive 92 percent of the data breaches were never disclosed as there was no legal or regulatory requirement to do so. Despite the large number of data breach incidents, 71 percent responded that data protection was a 'very important' or 'important' part of their risk management strategy, with protecting sensitive or confidential information in motion (transfer) or at rest (storage) their top priority.

Laws in Canada and other countries are increasingly helping technology force people to identify themselves where they never had to before, threatening privacy that allows people to function effectively in society, a new study has found. "What we're starting to see is a move toward making people more and more identifiable," University of Ottawa law professor Ian Kerr said Wednesday. His comments followed the launch of Lessons from the Identity Trail: Anonymity, Privacy and Identity in a Networked Society, a book summing up the study's findings, at a public reading in downtown Ottawa hosted jointly with the Privacy Commissioner of Canada. Kerr led the study with University of Ottawa criminology professor Valerie Steeves. They collaborated with 35 other researchers in Canada, the U.S., the U.K., the Netherlands and Italy. The researchers reported that governments are choosing laws that require people to identify themselves and are lowering judicial thresholds defining when identity information must be disclosed to law enforcement officials. That is allowing the wider use of new technologies capable of making people identifiable, including smartcards, security cameras, GPS, tracking cookies and DNA sequencing. Consequently, governments and corporations are able to do things like: * Embrace technologies such as radio frequency identification tags that can be used to track people and merchandise to analyze behaviour. * Boost video surveillance in public places. * Pressure companies such as internet service providers to collect and maintain records of identification information about their customers. While Canada, the U.K., the Netherlands and Italy all have national laws protecting privacy - that is, laws that allow citizens to control access to their personal data - such legal protection does not exist for anonymity, Kerr said. "Canada is quite similar [to other countries] with respect to anonymity. Namely, it's shrinking here just as it is there.

If practice makes perfect, it's no wonder commercial pilot Chesley B. (Sully) Sullenberger III was able to save the day last week, guiding a malfunctioning jetliner over New York City and landing it safely in the Hudson River. It turns out Sullenberger was well trained for the job and had been studying crisis management. The Associated Press' Amy Westfeldt says Sullenberger, 57, of Danville, California, is a former fighter pilot who runs a safety consulting firm in addition to flying commercial aircraft. Westfeldt says Sullenberger is president of Safety Reliability Methods, a California firm that uses "the ultra-safe world of commercial aviation" as a basis for safety consulting in other fields. "When a plane is getting ready to crash with a lot of people who trust you, it is a test," Civil engineer Robert Bea told Westfeldt. "Sully proved the end of the road for that test. He had studied it, he had rehearsed it, he had taken it to his heart." The pilot "did a masterful job of landing the plane in the river and then making sure that everybody got out," Mayor Michael Bloomberg told AP. "He walked the plane twice after everybody else was off, and tried to verify that there was nobody else on board, and he assures us there was not. He was the last one up the aisle and he made sure that there was nobody behind him."

"Professors from the University of California - Berkeley and the University of Pennsylvania have released the results of a joint study which indicates that young people and old are concerned about private information getting into the wrong hands. They found that approximately two-thirds of all consumers polled said they did not want tailored content if that meant they would be tracked via the Internet. Other interesting findings include: * 66% of respondents reported that tailored/targeted ads 'did not appeal' * 55% of 18-24 year olds reported not wanting tailored ads and 37% reported not waiting tailored discounts * 54% of 18 - 24 year olds report not wanting tailored news * For those over age 65, 82% report not wanting tailored ads and 68% report not wanting tailored news"

"A new study from the Pew Charitable Trust has found that every one of the credit cards offered by the country's 12 largest credit card issuers are bad deals for consumers and have practices the Federal Reserve has defined as "unfair or deceptive." The Trusts' Health Group's Safe Credit Cards Project, titled STILL WAITING: "Unfair or Deceptive" Credit Card Practices Continue as Americans Wait for New Reforms to Take Effect also compared credit union card programs and found them sharply better. "Although credit unions control only a small portion of credit card outstandings, comparisons between credit union and bank product models illustrate options available to consumers and potential benchmarks for future regulatory rulemaking efforts," the organization said. The observed credit unions presented a distinct alternative to credit card pricing and other practices of the observed banks, the report said. "In July 2009, median advertised interest rates on cards from the 12 largest credit unions were between 9.90 and 13.75% annually, depending on a consumer's credit profile-approximately 20% lower than comparable bank rates," the report said. "Meanwhile, credit union penalties were generally less severe than those of banks." "

The Oklahoma Department of Human Services (DHS) is notifying more than one million state residents that their personal data was stored on an unencrypted laptop that was stolen from an agency employee. The computer file contained the names, Social Security numbers, birth dates and home addresses of Oklahoma's Human Services' clients receiving benefits from programs such as Medicaid, child care assistance, nutrition aid and disability benefits, the agency announced Thursday. The computer, which was stolen when a thief broke into the car April 3 after the employee stopped on her way home from work, was password protected, and officials do not believe the burglar realized what he or she was stealing. Therefore, the risk of the data being accessed is minimal, according to the agency. "We feel this was not a situation where someone was targeting the agency or that information," DHS spokeswoman Mary Leaver told SCMagazineUS.com on Friday. "We feel it was random." Leaver said the state Office of Inspector General is conducting an investigation, out of which likely will come a mandatory review of information security policies. However, it is not believed the employee violated existing policy when the incident occurred, she said. News of the theft comes one day after the Ponemon Institute, in conjunction with Intel, released a study that found the average value of a lost laptop is $49,246. About 80 percent of the cost is related to the chance that a breach could occur, the study showed.

Even a booster of electronic systems like David Blumenthal, who just started his Washington post as the national coordinator of health IT, points to a myriad of challenges when it comes to digitizing the nation's medical records. Just take a look at his piece this month in the New England Journal of Medicine, in which he cites technical concerns and worries about patient privacy, among other things. In an interview with the WSJ, he said problems can crop up if the systems are installed too quickly and without enough technical support. There are plenty of potential advantages that electronic records can bring, from helping hospitals and doctors get information quickly on patients' medical histories to making catches when two drugs are being prescribed that may interact dangerously together. But there are also risks: Take a look at a study in Pediatrics that cites the case of Children's Hospital of Pittsburgh, which initially saw a rise in the death rate for certain patients after computerizing its order-entry system, perhaps because it took longer to begin their treatment. (The hospital told the WSJ the study was "flawed," adding the mortality rate had fallen since then.) The WSJ also cites the case of a patient who was initially given an incorrect diagnosis based on a mix-up involving electronic records and a test result for another patient. Health Blog Question of the Day: What's been your experience with electronic records? Do they prevent safety problems or create new risks?

The Federal Trade Commission today announced that it has approved a Federal Register notice seeking public comment on a proposed rule that would require entities to notify consumers when the security of their electronic health information is breached. The American Recovery and Reinvestment Act of 2009 (the Recovery Act) includes provisions to advance the use of health information technology and, at the same time, strengthen privacy and security protections for health information. Among other things, the Recovery Act recognizes that there are new types of Web-based entities that collect or handle consumers' sensitive health information. Some of these entities offer personal health records, which consumers can use as an electronic, individually controlled repository for their medical information. Others provide online applications through which consumers can track and manage different kinds of information in their personal health records. For example, consumers can connect a device such as a pedometer to their computers and upload miles traveled, heart rate, and other data into their personal health records. These innovations have the potential to provide numerous benefits for consumers, which can only be realized if they have confidence that the security and confidentiality of their health information will be maintained. To address these issues, the Recovery Act requires the Department of Health and Human Services to conduct a study and report, in consultation with the FTC, on potential privacy, security, and breach notification requirements for vendors of personal health records and related entities. This study and report must be completed by February 2010. In the interim, the Act requires the Commission to issue a temporary rule requiring these entities to notify consumers if the security of their health information is breached. The proposed rule the Commission is announcing today is the first step in implementing this requirement. In keeping with the Recover

Like this http://cheaptravelbooker.com Like this http://cheaptravelbooker.com like this http://killdo.de.gg travel,hotel,fun,hotel new,new offer,hotel best,best hotel,hotel travel,seo,backlinks,edu,gov,ads,indexing,bookmark,killgoggle,gogglesuck,goggle bookmark,kill goggle,yahoo,bing,indexing,quality links,linkwell,traffic boster,index best

"Identity theft can happen to anyone," is the frequent refrain of government and advocacy groups warning consumers about bank fraud. What they don't add: The crime is far more likely when that "anyone" is a woman. A study released Monday by the fraud-tracking firm Javelin Research showed that women are 26% more likely than men to be the victims of identity theft. While 3.8% of men had their banking details stolen and used for fraud in the last year, 4.8% of women were victimized. And women took far longer on average to discover their financial identities had been compromised, leading to far greater risk of repeat fraud: Women took 83 days to detect they'd been targeted, compared with 45 days for men. The growing reason behind this disparity, argues Javelin President James Van Dyke, is an often-misunderstood trend: Digital commerce is making identity theft harder, rather than easier. Because men are statistically more likely than women to adopt newer technologies such as online banking and shopping, they more often have the benefit of high-tech safeguards, Van Dyke says. Women, because of their lesser use of Web banking and sales, suffer from more old-fashioned fraud caused by stolen credit cards or retail employees, he says. Fifty-eight percent of women, for instance, have never banked online, compared with 55% of men, according to Javelin's study. That means women are less likely to sign up for fraud protection programs like text message or e-mail alerts that warn of abnormal transactions. Twenty-three percent of men use e-mail alerts, compared with 15% of women; 8% of men receive text message warnings, compared with just 3% of women.

Six out of every 10 employees stole company data when they left their job last year, said a study of US workers. The survey, conducted by the Ponemon Institute, said that so-called malicious insiders use the information to get a new job, start their own business or for revenge. "They are making these judgements based out of fear and anxiety," the Institute's Mike Spinney told BBC News. "People are worried about their jobs and want to hedge their bets," he said. "Our study showed that 59% of people will say 'I'm going to take something of value with me when I go'." The Ponemon Institute, a privacy and management research firm, surveyed 945 adults in the United States who were laid-off, fired or changed jobs in the last 12 months. Everyone that took part had access to proprietary information such as customer data, contact lists, employee records, financial reports, confidential business documents, software tools or other intellectual property.

Last week, President Barack Obama convened a health-care summit in Washington to identify programs that would improve quality and restrain burgeoning costs. He stated that all his policies would be based on rigorous scientific evidence of benefit. The flagship proposal presented by the president at this gathering was the national adoption of electronic medical records -- a computer-based system that would contain every patient's clinical history, laboratory results, and treatments. This, he said, would save some $80 billion a year, safeguard against medical errors, reduce malpractice lawsuits, and greatly facilitate both preventive care and ongoing therapy of the chronically ill. Following his announcement, we spoke with fellow physicians at the Harvard teaching hospitals, where electronic medical records have been in use for years. All of us were dumbfounded, wondering how such dramatic claims of cost-saving and quality improvement could be true. The basis for the president's proposal is a theoretical study published in 2005 by the RAND Corporation, funded by companies including Hewlett-Packard and Xerox that stand to financially benefit from such an electronic system. And, as the RAND policy analysts readily admit in their report, there was no compelling evidence at the time to support their theoretical claims. Moreover, in the four years since the report, considerable data have been obtained that undermine their claims. The RAND study and the Obama proposal it spawned appear to be an elegant exercise in wishful thinking. To be sure, there are real benefits from electronic medical records. Physicians and nurses can readily access all the information on their patients from a single site. Particularly helpful are alerts in the system that warn of potential dangers in the prescribing of a certain drug for a patient on other therapies that could result in toxicity. But do these benefits translate into $80 billion annually in cost-savings? The cost-savings from avoi

Affixing a dollar cost to a problem has immense benefit, and The Ponemon Institute goes to great lengths to arrive at the figures for its Annual Cost of a Data Breach Study. We painstakingly analyzed the financial impact a data breach has on a company by examining 43 different companies from a cross section of industries, all of which experienced a significant data breach affecting a range of data records representative of the norm. And knowing that a data breach may cost your company $6.65 million dollars may be all the information that is needed for a company to assign an appropriate budget to those tasked with information security. In 2008 the average total cost of a data breach was $6.65 million, up from $6.35 million last year and $4.54 in 2005. In 2008, the per-victim cost of a data breach was $202, up from $197 in 2007, and from $138 when the study was launched in 2005. Breaches involving a third party to which data had been outsourced bore a per-victim cost of $231, whereas self contained breaches bore a per-victim cost of $179. Breaches that were the result of a malicious act bore a per-victim cost of $225, whereas breaches that were the result of negligence bore a per-victim cost of $199. Breaches that were the result of a lost of stolen laptop computer bore a per-victim cost of $249, whereas breaches that did not involve a lost or stolen laptop computer bore a per-victim cost of $177. If the data breach was a first-time event for the company the per victim cost was $243, but if the company had experienced a breach previously the per victim cost was $192. The simple conclusion to these numbers is clear: the financial impact for a company that experiences a data breach is significant and rising. That finding alone may be alarming, but it seems to merely quantify what most people already knew to be true. The "wow" factor comes when you realize that we haven't simply identified the cost of an inevitable outcome, as if to tell the world, "buckle up and brac

Electronic medical recordkeeping may not cut the overall cost of care, but by eliminating redundant procedures and reducing errors, quality may be improved. When physician Andrew Wiesenthal needs to work out a problem, he runs around Lake Merritt, across the street from his Oakland (Calif.) office at Kaiser Permanente. As one of the main drivers behind Kaiser's decades-long, multibillion-dollar effort to overhaul the way patient health records are kept, Wiesenthal has had a lot of laps to run. Doctors and other medical professionals across the country will be working through similar challenges in the coming years. President Barack Obama plans to spend $17.2 billion to induce care providers to maintain patient records electronically, scrapping the current paper-based system. The Obama Administration wants electronic health records for every American by 2014. Obama's predecessor also made a big push for electronic recordkeeping, and many doctors and hospital administrators see upgrading recordkeeping as a good way to improve care. Yet, fewer than 2% of acute care hospitals have a comprehensive electronic health record system in place, with another 8% to 12% using a basic system, according to a study published by The New England Journal of Medicine in March. Adoption isn't much better among physicians. Only 4% have a comprehensive system in place, with another 13% using basic systems, according to a study published in the journal in July. Kaiser Permanente is one of the few exceptions. Today, all of its medical clinics and two-thirds of its hospitals operate in a paperless environment and the rest are scheduled to be completely digitized by next year. Across the system, about 14,000 physicians access electronic medical records for 8.7 million patients in nine states and the District of Columbia.