There seems to be a new scientific study published every day—like this one that alleges that eating cheese every day might actually be healthy. Understandably, many of these studies fly under the radar — but two recently published reports regarding cybersecurity and health care should not. These two reports show that the healthcare industry in particular is continuing to struggle with cybersecurity issues. Understanding the vulnerabilities revealed by these studies is important to healthcare organizations attempting to reduce their cybersecurity risks and legal liabilities.…
Tag Archives: Encryption
Presentation: The Legal Benefits and Practical Problems of Data Encryption in the Workplace (and Elsewhere)
Partner Colin Zick was recently invited to speak to the Union College Computer Science Department’s Seminar Series. His presentation addressed the difficulties in implementing encryption in the workplace, the challenges to encryption from law enforcement, and the future of encryption in light of U.S. v. Microsoft and the coming GDPR.
Hospitals are increasingly the target of hackers, particularly in the form of “ransomware.” What follows is a primer on ransomware and how to avoid being a target of it.
What is ransomware?
State Securities Regulators in Massachusetts and Illinois Survey Investment Advisors on Cybersecurity Practices
Picking up on the SEC’s initiative to assess cybersecurity preparedness discussed here previously, state securities regulators in Massachusetts and Illinois sent to investment advisors registered in their respective states a survey on their cybersecurity practices.
The Massachusetts surveys were sent on June 3 and a response is due on June 24. William F. Galvin, Secretary of the Commonwealth, whose jurisdiction includes the Massachusetts Securities Division,…
I usually do not re-post directly from the FTC, but given the timeliness of the subject, the wide impact of the problem and the technical nature of the issue, I thought it was warranted to re-post the FTC’s guidance on Heartbleed. Talk to your IT folks about this sooner rather than later:
By Nicole Vincent Fleming
April 11, 2014 –…
It was revealed recently that Sony’s on-line services were the subject of another significant attack. This incident, however, did not exploit a vulnerability in Sony’s security infrastructure so much as it highlighted the cascading effect of data breaches.
Sony Breach Update: The Scope Expands, While Consumers Wait for Answers About How and Why It Happened
The scope of the Sony data breach is growing, but the public focus continues to be on Sony’s actions following the breach, rather than on steps to prevent or mitigate events like these in the first place. As we noted earlier, this focus emphasizes a de facto burden-shifting, in which consumers bear the risk of using on-line or other services, and also are left to face the consequences of any resulting identity theft.…
You Call That a Password? Passwords Used to Protect Personal Health Information in Clinical Trials Are Cracked More Than 90% of the Time
In a recent article in the Journal of Medical Internet Research, the strength of passwords in clinical trials was analyzed. In all cases that were examined, "the recovered passwords were poorly constructed, with names of local locations (e.g., “ottawa”), names of animals (e.g., “cobra”), car brands (e.g., “nissan”), and common number sequences (e.g., “123”)."
This week cryptographers Karsten Nohl from the University of Virginia and Erik Tews of the Darmstadt University of Technology announced that they had broken the DECT encryption standard. Who cares, you ask? The Digital Enhanced Cordless Telecommunications or DECT standard is what prevents someone parked outside your house from being able to listen in on telephone conversations you are having on your 1.9 GHz DECT cordless phone. (So, that’s what that label on the receiver means.)
Nohl told Dan Goodin from The Register that he cracked the code by putting the DECT chip under the electron microscope and then comparing his findings with information disclosed in the published patent(s). …
In the first instance of a state attorney general exercising the new powers granted by the Health Information Technology for Economic and Clinical Health Act ("HITECH Act"), Connecticut Attorney General Richard Blumenthal (and recently announced candidate for the U.S. Senate) filed suit today against Health Net of Connecticut, Inc. for failing to secure private patient medical records and financial information involving 446,000 enrollees in Connecticut and for failing to promptly notify consumers of the security breach.…