Tag Archives: Encryption

Recent Reports Confirm Continuing Vulnerability of Healthcare Industry to Cyber Issues

There seems to be a new scientific study published every day—like this one that alleges that eating cheese every day might actually be healthy. Understandably, many of these studies fly under the radar — but two recently published reports regarding cybersecurity and health care should not. These two reports show that the healthcare industry in particular is continuing to struggle with cybersecurity issues. Understanding the vulnerabilities revealed by these studies is important to healthcare organizations attempting to reduce their cybersecurity risks and legal liabilities.… More

How Hospitals Can Avoid Being the Next Ransomware Victim

Hospitals are increasingly the target of hackers, particularly in the form of “ransomware.”  What follows is a primer on ransomware and how to avoid being a target of it.

What is ransomware? 

Ransomware is a type of malware that limits users’ access to their computer systems. It functions by locking a user’s system and/or encrypting its files.… More

State Securities Regulators in Massachusetts and Illinois Survey Investment Advisors on Cybersecurity Practices

Picking up on the SEC’s initiative to assess cybersecurity preparedness discussed here previously, state securities regulators in Massachusetts and Illinois sent to investment advisors registered in their respective states a survey on their cybersecurity practices.

The Massachusetts surveys were sent on June 3 and a response is due on June 24. William F. Galvin, Secretary of the Commonwealth, whose jurisdiction includes the Massachusetts Securities Division,… More

FTC Provides Guidance on Heartbleed

I usually do not re-post directly from the FTC, but given the timeliness of the subject, the wide impact of the problem and the technical nature of the issue, I thought it was warranted to re-post the FTC’s guidance on Heartbleed.  Talk to your IT folks about this sooner rather than later:

By Nicole Vincent Fleming

April 11, 2014 –… More

Most Recent Sony Breach Illustrates the Cascading Effect of Data Breaches

It was revealed recently that Sony’s on-line services were the subject of another significant attack. This incident, however, did not exploit a vulnerability in Sony’s security infrastructure so much as it highlighted the cascading effect of data breaches.

Rather than try to scale any fences or jimmy any windows, this attack used account holders’ own keys to open the front door. According to a statement by Sony,… More

Sony Breach Update: The Scope Expands, While Consumers Wait for Answers About How and Why It Happened

The scope of the Sony data breach is growing, but the public focus continues to be on Sony’s actions following the breach, rather than on steps to prevent or mitigate events like these in the first place. As we noted earlier, this focus emphasizes a de facto burden-shifting, in which consumers bear the risk of using on-line or other services, and also are left to face the consequences of any resulting identity theft.… More

You Call That a Password? Passwords Used to Protect Personal Health Information in Clinical Trials Are Cracked More Than 90% of the Time

In a recent article in the Journal of Medical Internet Research, the strength of passwords in clinical trials was analyzed. In all cases that were examined, "the recovered passwords were poorly constructed, with names of local locations (e.g., “ottawa”), names of animals (e.g., “cobra”), car brands (e.g., “nissan”), and common number sequences (e.g., “123”)." 

This result comes as no real surprise.  These conclusions build on prior studies … More

Incident of the Week: Patents Help Crack Encryption Used in Cordless Telephones

This week cryptographers Karsten Nohl from University of Virginia and Erik Tews of the Darmstadt University of Technology announced that they had broken the DECT encryption standard.  Who cares, you ask?  The Digital Enhanced Cordless Telecommunications or DECT standard is what prevents someone parked outside your house from being able to listen in on telephone conversations you are having on your 1.9 GHz DECT cordless phone.  (So, that’s what that label on the receiver means.)

Nohl told Dan Goodin from The Register that he cracked the code by putting the DECT chip under the electron microscope and then comparing his findings with information disclosed in the published patent(s). … More

Connecticut AG Opens New Era in HIPAA Enforcement with Health Net Suit

In the first instance of a state attorney general exercising the new powers granted by the Health Information Technology for Economic and Clinical Health Act ("HITECH Act"), Connecticut Attorney General Richard Blumenthal (and recently announced candidate for the U.S. Senate) filed suit today against Health Net of Connecticut, Inc. for failing to secure private patient medical records and financial information involving 446,000 enrollees in Connecticut and for failing to promptly notify consumers of the security breach.… More