Privacy Attorney Lisa Sotto says the Epsilon e-mail breach is a warning about the state of data security employed by some third-party service providers. Strong contracts related to security practices must be the norm, not the exception.
The National Institute of Standards and Technology and the Department of Health and Human Services' Office for Civil Rights will hold their fourth annual healthcare information security conference May 10-11 in Washington.
"Persistent" is the operative word about the advanced persistent threat that has struck RSA and its SecurID products. "If the bad guys out there want to get to someone ... they can," says David Navetta of the Information Law Group.
"It is the biggest breach we have ever seen; and to say no financial information has been stolen is, well, understating the massive breach and concern," says Neil Schwartzman, founder and chief security specialist at CASL Consulting.
NACHA has posted an alert about a targeted phishing scam that appears to be hitting recipients up for ACH transaction details. Reports of phishing e-mails appearing to be from the Internal Revenue Service have also cropped up this week.
After the revelation of Operation Aurora, the term began to take on a different meaning. "In essence," IBM's X-Force report says, "APT became associated with any targeted, sophisticated or complex attack regardless of the attacker, motive, origin or method of operation."
Although many hospitals and clinics are paying attention to HIPAA and HITECH Act compliance, they also need to train their staffs on how to crack down on identity theft and credit card fraud, security specialists say.