Group items tagged

PGP Corporation, an enterprise data protection company, and the Poneman Institute, a privacy and information management research firm, as part of their fifth annual U.S. Cost of a Data Breach Study, tracked a wide array of cost elements

data breaches caused by malicious attacks and botnets were on the high end of severity and cost responses. These types of breaches doubled from 2008 to 2009.

"Our research shows that the healthcare industry is struggling to protect sensitive medical information, putting patients at risk of medical identity fraud and costing hospitals and other healthcare services companies millions in annual breach-related costs," said Dr. Larry Ponemon, chairman and founder, Ponemon Institute.  "At this point one would hope to see that healthcare organizations have improved information security practices and come into compliance with HITECH, now that it's been more than one year since it was enacted.  Instead we found enormous vulnerabilities.  The protection of patient data should be at the forefront of their efforts."

ey findings of the research: Data breaches are costing the healthcare system billions.  The total economic burden created by data breaches on the healthcare industry is nearly $6 billion annually.  The impact of a data breach over a two-year period is approximately $2 million per organization and the lifetime value of a lost patient is $107,580.  The average organization had 2.4 data breach incidents over the past two years.  Major factors causing data breaches are unintentional employee action, lost or stolen computing devices and third-party error.Healthcare organizations are not protecting patient data.  Organizations have little or no confidence in their ability to appropriately secure patient records (58 percent).  Healthcare organizations have inadequate resources (71 percent) and insufficient policies and procedures in place (69 percent) to prevent and quickly detect patient data loss.Protecting patient data is not a priority.  Seventy percent of hospitals stated that protecting patient data is not a top priority.  Patient billing (35 percent) and medical records (26 percent) are the most susceptible to data loss or theft.  A majority of organizations have less than two staff dedicated to data protection management (67 percent).HITECH has exposed the healthcare industry's lax data protection practices rather than improved the safety of patient records.  The majority (71 percent) of respondents do not believe the HITECH Act regulations have significantly changed the management practices of patient records.  The findings indicate that there is a significant number of data breaches that go undetected, and therefore unreported.

"We talk with healthcare compliance people dealing with data breach risks every day and they just can't get their arms around the problem of data exposure," said Rick Kam, president and co-founder of ID Experts.  "Unfortunately, in healthcare organizations, patient revenue trumps risk management."

Now, in a survey of more than 600 small business owners and executives, the Ponemon Institute has tried to put a number on the cost of credit card account fraud for those vulnerable targets, comparing the damage with the cost of physical theft by employees or burglars. The result: While identity theft takes less from businesses per incident than either robberies or crooked employees, it hits them often enough that it's an equally costly or even costlier problem. According to Ponemon's study, the median account fraud incident costs a business $5,136. That's much less than the $9,913 the respondents attributed to the median cost of a burglary or $17,517, the cost they attributed to an employee theft case. But take the frequency of those incidents into account, and the pain adds up. About 86% of businesses have suffered from account fraud, more than the 77% who have been robbed or the 63% whose employees have stolen from them. And among those victims, most businesses experience employee theft either once (32%) or zero times a year (41%). Robberies are less costly but more frequent: Most businesses report them either once (29%) or between two and five times a year (38%). Account fraud is far more frequent: 45% of businesses have been digitally defrauded two to five times in the last year, and 38% have been defrauded more than five times.

"Three-fourths of businesses are deleting files, reformatting or destroying drives, or 'do not know' how they are erasing sensitive data. Deleting files from a hard drive only marks the files to be rewritten, which may never occur. Furthermore, reformatting the drive only removes the entries in the index or table of contents that point to the data. And, physically destroying a drive is not a guaranteed method of protection, as Kroll Ontrack has been recovering data from severely damaged drives, such as the Columbia space shuttle, for more than 25 years.

"Surveying more than 1,500 participants from 12 countries across North America, Europe and Asia Pacific regarding their data wiping practices also revealed that four in 10 businesses gave away their used hard drive to another individual and 22 percent do not know what happened to their old computer.

Only 19 percent of businesses deploy data eraser software and fewer, 6 percent, use a degausser to erase media. When asked if and how businesses verify their data has been deleted, very few (16 percent) reported relying on a product or service report to confirm all of their data had been wiped.

Here are five steps your company can implement quickly and cost-effectively.

1. Deploy comprehensive endpoint security to check endpoint devices for spyware and malware.

2. Ensure that user devices adhere to defined corporate security policies before, during, and after network connection.

“The City and County of San Francisco has always been forward-thinking in leveraging technology to improve the services it provides,” said Gail Thomas Flynn, vice president of U.S. State and Local Government at Microsoft Corp. “We are excited at the opportunity to equip and support the employees of San Francisco with the tools they need to better serve the people of San Francisco.”

Several competing solutions were examined based on criteria that included price, security, functionality, flexibility, SLA-backed service, proven record for support, and integration with existing infrastructure and tools.

“By moving to the Microsoft platform, we not only get immediate improvements to our system, but we gain a disaster-resilient system that provides the most modern information tools, with solid support provisions that can scale with the needs of our constituents,” San Francisco Chief Information Officer Jon Walton said.

The Deloitte Forensic Center’s analysis of the E-Discovery: Mitigating Risk Through Better Communication survey results1 identified three interrelated challenges. They are: Communication Awareness Readiness

At the heart of e-discovery are two corporate functions that historically have had little in common, and tend to speak their own technical languages: legal and IT

Neither can be truly effective in the e-discovery process without a clear understanding of the other, yet communication and coordination between these two departments appears to be unclear to many survey participants: More than one-third of respondents (36 percent) don’t know the answer to how their legal and IT departments communicate.

CSC (NYSE: CSC) announced today that the State of California awarded the company a contract to migrate its current multiple e-mail applications to a cloud-based solution with Microsoft Business Productivity Online Suite (BPOS)

Work under this contract will support Governor Schwarzenegger's executive order and the state's efforts to improve information technology (IT) infrastructure, increase government efficiency, save costs and consolidate IT functions under the Office of the State Chief Information Officer.

“This is part of our efforts to consolidate and standardize information technology infrastructure to reduce costs and enhance productivity,” stated Teri Takai, chief information officer of the State of California