This problem was made abundantly clear to the users of the Ashley Madison website. According to CNN, the extramarital affair website’s 37.5 million users are under the threat of having their information shared with the world unless they comply with the hacker’s requests. This is an effective way that hackers can hold a user hostage, but instead of ransoming a loved one or prisoner, it is information that is on the line. Ashley Madison users are only an example; for the average person this is an instance that would not influence their daily lives. However, there are countless other activities that an average person takes part in that could be used to harm, for example, driving. The recent experiment where hackers were able to take over the controls of a Jeep while a passenger was driving should be alarming to any of those who commute regularly. Since hackers were able to control the breaks of the vehicle, serious harm could be inflicted to anyone on the road. Since, according to USA Today, 210 million Americans are licensed drivers, this is an issue that affects almost everyone.

It is becoming a reality that now that everything is done online, we leave a digital footprint in almost everything we do, and this data can be used against us. The key is to recognizing that since everything leaves a trace, than we must be careful about what we post and what activities we choose to do online. Security that detects when our personal issues are being accessed is vital to keep privacy a reality. Effective security could prove to be the difference in being able to live your daily life without fear or being held hostage by it.

Live your life without fear.
Let Aegify help you secure your organizations data and reduce overall risk of being held hostage by the very technology that keeps your business running. To learn more about our Security, Risk and Management solutions please click HERE and register for our LIVE webinar led by Aegify CEO Anupam Sahai on Thursday, September 3 from 11:00 AM – 12:00 PM PDT.

The post How Technology Can Hold You Hostage appeared first on Aegify.

In February of 2015, health insurance provider Anthem Inc. database was hacked, which includes social security and credit card numbers, health information, patient history, and other valuable client information. According to The Wall Street Journal, this database was made up of over 70 million former and current customers, and employees. As of recent, it is believed that the same group of hackers responsible for the Anthem hack is also responsible for a similar data breach to United Airlines. According to Bloomberg Business, this breach provided the hackers with flight manifest data, including passenger information like destination and place of departure, as well as corporate information and business strategy.

Although these stories lack the glamour and creativity of the spy stories that we are so used to, this is how espionage is conducted in today’s world, and it has clearly been extremely effective regardless. While possibly being thousands of miles away, one can collect all the information they would ever need about a person by receiving access to sensitive information through a data breach. This data can be compiled together to create a massive intelligence network without the hacker ever even leaving his home. With a spy’s work becoming much easier, more effective and simpler, security has never been so necessary to defend against an unseen enemy.

Don’t Become The Next Data Casualty
Fortunately, Aegify’s mission is to protect your organization’s data. Aegify provides a single software solution to address your security, risk and compliance concerns. To learn more, please click HERE and register for our LIVE webinar led by Aegify CEO Anupam Sahai on Thursday August 13, from 11:00 AM – 12:00 PM PDT.

When you next encounter a movie about a top secret mission to recover vital information about a corrupt government, consider instead picturing the story’s hero as an average worker, sitting at their desk on a computer while eating a donut.

The post The True Face of Espionage appeared first on Aegify.

In the world of healthcare data security, the Goliaths dominate. However, there is an underdog story in the making in this field too. Healthcare providers are struggling to keep up to date on compliance with changing regulations as well as the technology needed to properly protect their data. For example, 36%-40% of hospitals (depending on size) reported dissatisfaction with their security systems and a need for improvement in the next 12 months.

Many hospitals rely on vendors- 24% specifically according to Peer60 2015 report- to keep security software and programs up to date, while another 11% depend on the same companies to comply with HIPAA regulations. Vendors often do a poor job of explaining their complex systems and this makes it much more difficult for hospitals to implement all of the tools they have been given. Also, many security companies aren’t up to date on current data protection technology. If these hospitals are not taking advantage of all of the features a security solution has to offer and the technology used is not effective, than how safe could your important data really be?

Since a select few large companies run most Network security systems, this complaint with how protection is being managed in hospitals is largely significant to all other security vendors and providers looking to get their name out on the market through innovation and disruption in the market place.. By providing less expensive, easier to use, and more effective data security protection, the smaller and newer security companies can shift demand away from the dominant few that have controlled the market in past years. If the large security companies cannot satisfy, then it is time for the Davids of the data security world to make their mark. This is already happening in the highly evolving Security Monitoring and CyberSecurity arena.

In the recently released Gartner CIO Agenda Report, 2015, CIOs have identified Security & Risk Management as one of their top priorities. Many of your peers have already engaged Aegify to manage their security, risk and compliance efforts. Discover why. To learn more about how to protect important data, please click HERE to watch our excellent 55 minute presentation on how to protect your company from cyber attacks.

The post Security Goliaths Have Had Their Time, But Here Comes David appeared first on Aegify.

The top level executives at the organisation agree to the fact that they have been a target of the attack by cyber criminals who gained unauthorized access to their IT system. However, based on digital forensics investigation reports, they are positive that no credit card data or medical records have been compromised. Nevertheless, the breach of 80 million data as per records is the biggest in history that brings to fore, today’s need for deploying industry-standard “sophisticated” defences. Encryption of data is a critical aspect to secure accessibility of any corporate database.

While this is nightmare for the affected individuals, is not a lone case. Other recorded incidents include

• Data breach at Montana Dept, of Health and Human Services where hackers gained access to a server leading to an estimated 1.3 million affected individuals.
• Breach at Community Health Systems Inc., which exposed the personal data of an estimated 4.5 million people.

With continuing data breaches, information security has attained critical importance across enterprises. An essential proactive step is to assess your assets and estimate the level of risk with key assets. Following this with an assessment of the security controls would have helped Anthem identify the gaps and plug those gaps with appropriate remedial measures. Tools like Aegify helps organization to assess their security, risk, and compliance posture and to help them take proactive measures to fix the security lacunae.

Aegify services, offered as a cloud-based model, includes all security and IT GRC functions. Equipped with a built-in compliance framework that supports HIPAA, RBI, NSE, BSE, MCDEX, PCI, ISO, COBIT, FISMA and other country based ones, Aegify also has advanced alert and monitoring systems that makes it a complete end-to-end automation solution for all security, audit, compliance and risk management needs of an enterprise.

The post Enterprises need to be proactive to Avoid Anthem Fate appeared first on Aegify.

According to the annual study conducted by Ponemon Institute, the average cost of a compromised customer record can cost the enterprise anywhere from 4 to 156 USD. Further, leaked customer data leads to loss of reputation, customer abandonment and even fines, settlements and compensation fees. While the earlier data breaches at Sony PlayStation compromised 77 million user accounts, the recent one compromised 25 million.

Experts warn Big Businesses to Learn from Sony Pictures ‘Epic Nightmare’ Hack

Enterprises make use of different methods to detect and prevent leakage of each type of data. However, accidents such as that occurred at Sony have caused customers to turn to their competitors. Security experts therefore warn big businesses to learn from the Sony’s ‘Epic Nightmare’ Hack which broke last month when a group operating under the #GOP attempted to blackmail the firm. The cyber criminals hacked into Sony’s computer systems and paralyzed their operations and tapped into their trove of hypersensitive data. As an aftermath was the steady flow of revelations which included top employees’ salaries and nasty emails shared across various sites and lead to the former employees’ suing the company for data breach.

Security experts are of the opinion that enterprises need to invest more in their network security without being too concerned about the costs inferred. For Sony Corp. cleaning up the mess from the latest attack is going to cost millions. Enterprises need to be well prepared to respond to attacks with regular backups. Monitoring network traffic, ensuring use of updated versions of operating systems and applications and use of firewalls will help to protect valuable data. However, with Sony’s case being one wherein the intruders stole more than 25 gigabytes of sensitive data on tens of thousands of Sony employees, including Social Security numbers, medical information, name, location, employee ID, network user name, base salary and date of birth of more than 6,800 individuals. However, the endless leaks and crazy details emerging points to the fact that attacker had gained access to unknown number of internal systems at Sony.

The hack estimated to have cost Sony $100 million was a result of their security loopholes. Vulnerability monitoring and risk assessment have to be continuous. To avoid such situations, enterprises can deploy cloud based solutions for IT security and compliance management, vulnerability analysis and risk management. Aegify, a flagship product effectively addresses risk management, IT security and compliance. Offered as Software-as-a-service, this solution targets small, medium and large enterprises and is an easy-to-use cost-effective solution.

The post Sony Pictures Employee Data Breach – Valued lessons for the Digital World appeared first on Aegify.

According to the Queens County District Attorney’s Office, these clerks had inappropriately accessed computer records of 250 patients. These records contained information including dates of birth, addresses, phone numbers, Social Security Numbers, and details of injuries and medical conditions of patients who were treated at the emergency department of Jamaica Hospital.

The District Attorney of Queens County, Richard Brown said that the defendants were accused of blatantly violating their HIPAA obligations and trolling through patient health records, because of which, patients who were taking treatment at the hospital have been victimized with illegal release of their personal and medical information. It is believed that some of these affected patients were contacted by lawyers and ‘medical mill’ healthcare providers soliciting their business while they were still receiving treatment in the ED of Jamaica Hospital.

The defendants Maritza Amandor and Dache Prawl will face multiple charges including computer trespass, second-degree unlawful possession of personal identification information and unauthorized use of a computer. They may face up to four years imprisonment if convicted. But the hospital is also likely to bear the brunt of this incident for failing to protect patient records adequately. This is yet again a warning bell to healthcare entities that have not done enough to safeguard patient health information from outsider as well as insider threats. A simple yet effective solution such as Aegify Security Posture Management or Aegify SecureGRC can help prevent such breaches from happening and can provide the ideal platform for comprehensive data security.

The post Internal Threats Are No Myth – Jamaica Hospital Stands Testimony appeared first on Aegify.

Officials have confirmed that the stolen computers contained sensitive data including Social Security Numbers, billing information, demographic data, dates of birth and other protected health information such as medical diagnoses.

Making a statement on March 6th, Vice President and Head of Healthcare Compliance at Sutherland Global Services, Karen J. Pugh said that the organization regrets the inconvenience caused and is reviewing policies and procedures concerning information security, while also providing additional training to the workforce.

Since the compromised information includes Social Security Numbers, Sutherland is offering credit monitoring services to the patients involved.

Encryption- The Key Security Mantra

Time and again the Department of Health and Human Services’ Office for Civil Rights has been emphasizing the importance of encrypting data to protect patient information. Even in the past month, Susan McAndrew, Deputy Director for Health Information Privacy at OCR reinforced the importance of encryption while speaking at HIMSS14, where she particularly emphasized the need to encrypt each and every device that leaves the office. However, breach incidents like this one continue to occur, revealing that several healthcare entities and their business associates are yet to take the need for encryption seriously.

It is worthy of noting that theft currently accounts for a major share of HIPAA privacy and security breaches, representing 48 percent of all breaches reported. Till date, covered entities and business associates have settled $18.6 million in penalties for HIPAA violation, out of which, $3.7 million has been settled last year alone. And these numbers do not include the state and private legal settlements.

The disturbing fact is that protected health information of about 30 million individuals has been compromised due to HIPAA privacy and security breaches till date. And this number only seems to be growing. With HIPAA audits all set to begin this year, healthcare providers and their business associates have to take serious steps to protect health information. Comprehensive security solutions such as Aegify Security Posture Management and Aegify SecureGRC can ensure data encryption, periodic risk assessments, and help them steer clear of security incidents.

The post Latest HIPAA Breach Brings Bad News to 169k Individuals appeared first on Aegify.

Adding to the number, is a class action lawsuit filed against insurer Horizon Blue Cross Blue Shield of New Jersey, following a data breach which occurred late last year. This lawsuit will be one among the many breach-related suits in healthcare and other industries, to be filed this year.

Horizon had notified 840,000 members about the breach incident. The affected members, whose social security numbers may have been compromised, are being offered free credit monitoring and identity theft protection for one year, according to the company. However, the plaintiffs in the case, Karen Pakelney and Mark Meisel are suing the insurance company for failing to secure and safeguard sensitive, personally identifiable information adequately. They have alleged the insurer of acting negligently and of violating the Fair Credit Reporting Act and the New Jersey Consumer Fraud Act, and are seeking unspecified damages.

However, according to a Horizon Spokesperson, the lawsuit is without merit, and the company intends to defend itself vigorously. But one thing is for sure. This lawsuit opens the floodgates to many more such breach-related lawsuits, and it can be expected that settlements in such cases could be substantial.

David Navetta of the Information Law Group points out to the court ruling in 2011 in favor of the payment card breach victims who were affected by the 2007 breach involving Hannaford, a grocery chain in northwestern United States. He says that the ruling in this case meant that victims of the breach could sue for damages resulting from the costs of card replacement, theft, insurance and other reasonable mitigation efforts, and emphasizes that government enforcement actions related to breaches are heating up in healthcare.

According to Navetta, breaches such as the one involving Horizon and the recent complaint filed by the Federal Trade Commission against the medical testing firm LabMD, highlight the importance of data protection and prompt breach notification, and also bring the importance of cyber-insurance to the forefront. He points out that such cases could turn out to be very expensive to fight, and could potentially put small healthcare entities out of business. LabMD for example, had announced in January this year that its Atlanta-based medical testing lab would be winding down operations because of the cost of fighting the battle with the Federal Trade Commission over the breach case.

It does look very likely that 2014 will be the year of lawsuits for the healthcare sector as predicted by experts. However, the most important lesson for healthcare providers to take home is that data protection and breach prevention are to be taken with utmost seriousness. Providers have to adopt comprehensive security solutions such as Aegify Security Posture Management or Aegify SecureGRC in order to be able to identify vulnerabilities and detect threats in their systems and prevent breaches, rather than facing legal action and suffering dire consequences. The in-depth certification courses offered by 4Med could further strengthen your compliance understanding in remaining secure and compliant.

The post 2014 – The Year of Data & Privacy Lawsuits? appeared first on Aegify.

The Department of Health and Human Services confirmed that this major breach incident is the second largest health data breach reported so far in 2013. A noteworthy fact is that the three largest breach incidents in 2013 have involved thefts of unencrypted computers. This clearly reveals that lack of encryption remains one of the top reasons for data breaches.

A review led by forensic experts at Horizon Blue Cross Blue Shield confirmed that the stolen laptops may have contained files with varying levels of patient information, including names, addresses, identification numbers, dates-of-birth, some amount of clinical information, and in some cases, social security numbers too. However, it was not clear whether all of the information stored in these laptops is accessible. The company is notifying over 839,700 members about the breach, and those whose social security numbers may have been compromised will be offered free credit monitoring and identity theft protection for one year. The company is working with law enforcement to locate the stolen laptops, and is also strengthening encryption processes. Enhancing policies and procedures and educating staff about security of member information is also one of its immediate goals.

This incident is a clear warning bell that irrespective of the physical security measures, encrypting PHI stored on mobile/desktop computing devices is a crucial task. While physical safeguards are important too, unless data is encrypted, there will always be significant risks posed by insider threats, and others who have access to locked facilities.

Why Encrypt?

According to Adam Greene, a privacy attorney, there is no substitute for encryption or the use of a data loss protection technology that can ensure that data is kept centrally and does not end-up on the end-user device. Moreover, those entities that fail to encrypt PHI will find it hard to defend themselves during breach investigations and other such regulatory actions. And with the cost of encryption reducing significantly, the government has great expectations from entities for employing this method to secure PHI. So, physical safeguards will no longer suffice.

And not to forget, the penalty for non-compliance under the HIPAA Omnibus rule may go up to $1.5 million per violation. So entities are better-off paying for encryption and preventing a breach, rather than being subject to such high penalties. Solutions like Aegify Security Posture Management or Aegify SecureGRC could prove extremely useful in preventing data breaches from taking place. They address the need for encryption while also providing comprehensive security for PHI, making them ideal for healthcare providers, their business associates and subcontractors to ensure PHI is safeguarded throughout its lifecycle.

The post Lack of Encryption Causes Major Breach, Yet Again appeared first on Aegify.

The report revealed that physical breaches involving stolen/lost unencrypted devices were larger and affected more number of people on an average. The law, requiring state agencies to report breaches involving more than 500 individuals, was enacted in California for the first time in 2012, and the state’s Attorney General Kamala. D. Harris recently issued the first public report detailing the breaches. Announcing the report, Harris said that data breaches are a serious threat to privacy, finances and personal security.

Encrypting digital personal information is the key to privacy and security, according to Harris, who said that encryption could have prevented defaulting organizations from putting over 1.4 million Californians at risk. However, it is noteworthy that California is not the only place where breaches involving unencrypted devices are reported. Over the past few years, the infamous ‘Wall of Shame’ in the US Department of Health and Human Services has seen a number of breaches involving unencrypted data, and most commonly mobile devices.

The breach report reveals that failure to protect physical information assets was the major cause of these breaches, affecting 40,223 people on an average. This is further proven by the fact that two of the five largest breaches, namely the breach at California Department of Social Services involving loss of a computer storage device, and the breach at Emory Healthcare involving missing storage disks, were in the ‘physical’ unencrypted category.

Although healthcare providers were involved in a few larger breaches in the state of California, the retail industry topped the list with 34 breaches, which is 26% of the total number of breaches. This was followed by the finance and insurance sector with 30 breaches, or 23% of the total. Healthcare came third with 19 breaches representing 15% of the total.

This report however offers certain key takeaways. Firstly, healthcare entities should know that encryption is a must, and that one good reason to get the encryption program started soon is the HIPAA Omnibus Rule, which necessitates encryption. Covered entities should remember that non-compliance under the HIPAA Omnibus rule can attract penalties up to $1.5 million per violation, and that the compliance deadline is September 23rd, which is just two months away.

The Attorney General’s report makes it obvious that enforcement related to encryption would be one of the top priorities of the office, and acts as a warning to healthcare entities about how to keep their names out of the breach totals for the coming year. Aegify Security Posture Management or Aegify SecureGRC can prove valuable at this point, by helping organizations prioritize their compliance initiatives and offering a framework of best practices to achieve compliance with the HIPAA Omnibus Rule.

The post Unencrypted Data- An Ongoing Problem appeared first on Aegify.