Marine corp data breach lesson: human error is often the cause and is preventable

There has been a data breach emanating from the U.S. Marine Corps Forces Reserve that impacted 21,426 individuals. The breach exposed their sensitive personal information such as truncated social security numbers, bank electronic funds transfer and bank routing numbers, truncated credit card information, mailing address, residential address and emergency contact information. Calm down and press the … Continue reading Marine corp data breach lesson: human error is often the cause and is preventable

FMCNA to Pay $3.5 Million for Non-Compliance with HIPAA’s Risk Analysis and Risk Management Rules

Fresenius Medical Care North America (FMCNA) has agreed to pay $3.5 million to the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR), and to adopt a comprehensive corrective action plan, in order to settle potential violations of the Health Insurance Portability and Accountability Act (HIPAA) Privacy and Security Rules. FMCNA … Continue reading FMCNA to Pay $3.5 Million for Non-Compliance with HIPAA’s Risk Analysis and Risk Management Rules

3 Legal Points for InfoSec Teams to Consider Before an Incident

As a teaser to my presentation at SecureWorld - Dallas last week, I did a brief interview with SecureWorld and talked about three of the points I would make in my lunch keynote, The Legal Case for Cybersecurity. If you're going to SecureWorld - Denver next week, join me for the lunch keynote on Thursday (11/2) … Continue reading 3 Legal Points for InfoSec Teams to Consider Before an Incident

Does blasting the SEC for failing to act on warnings help cybersecurity?

On the heels of the Equifax breach, the United States Securities and Exchange Commission (SEC) disclosed on September 20, 2017, that it had been hacked way back in 2016. It further disclosed that about a month ago it learned the hackers may have used their access for illegal online trading. With the SEC's regulatory enforcement … Continue reading Does blasting the SEC for failing to act on warnings help cybersecurity?

Uber’s Settlement With FTC Emphasizes Companies’ Need for Cyber Risk Management Programs

The FTC and Uber have settled the enforcement action the FTC brought against the company. This action stems from Uber's data breach of more than 100,000 individuals' PII despite its promises that their data was "securely stored within our databases." The FTC found this promise was misleading when compared with the actions the company was … Continue reading Uber’s Settlement With FTC Emphasizes Companies’ Need for Cyber Risk Management Programs