More than three years ago, Anthem, Inc. reported to the U.S. Department of Health and Human Services, Office for Civil Rights (OCR) that it suffered a cyber attack compromising the protected health information of nearly 79 million individuals. This breach continues to be the largest breach of protected health information to date.  Yesterday, OCR announced its record-breaking $16 million settlement with Anthem related to the massive breach. 
Continue Reading

In the first installation of our weekly series during National Cybersecurity Awareness Month, we examine information security plans (ISP) as part of an overall cybersecurity strategy.  Regardless of the size or function of an organization, having an ISP is a critical planning and risk management tool and, depending on the business, it may be required by law.  An ISP details the categories of data collected, the ways that data is processed or used, and the measures in place to protect it.  An ISP should address different categories of data maintained by the organization, including employee data and customer data as well as sensitive business information like trade secrets.
Continue Reading

In recognition of National Cybersecurity Awareness Month, each Friday this October, we will highlight a different step that organizations can take to increase awareness of potential cyber threats, reduce the risk of a cyber attack or minimize damage from an attack.  All four steps are solutions that all organizations, regardless of size or budget, can implement. Specifically, over the course of the month we will examine information security plans, training, vendor due diligence and data retention and destruction, as tools organizations can use to arm themselves to both prevent and in the event of a cyber attack. 
Continue Reading

After a data breach at VTech revealed practices that allegedly violated the FTC Act and the Children’s Online Privacy Protection Act (COPPA), VTech settled for $650,000 and agreed to implement a comprehensive data security program subject to audit for the next 20 years.  VTech makes children’s electronic learning products.  The FTC complaint alleged that VTech’s

W-2 phishing season is just a few weeks away.  For the past several tax seasons, cyber criminals have duped hundreds of payroll departments into providing W-2 information on their employees, which results in the filing of fraudulent tax returns and other identity theft issues.  These attacks are incredibly disruptive to employees, extremely expensive for employers and are completely avoidable with some training. 
Continue Reading

On Friday, May 12, 2017, a damaging ransomware attack swept across more than one hundred countries and infected tens of thousands of computers. As is becoming all too common, the hackers transmitted the ransomware via a phishing e-mail, and then, once the user clicked the bait, the hackers used a method thought to have been developed by the National Security Agency, and locked businesses out of their systems. The ransomware impacted businesses both large and small, notably including sixteen of Great Britain’s hospitals forcing them to turn patients away, FedEx, the Russian Interior Ministry and a large Spanish telecommunications company. While in the wake of the attack, affected businesses must focus on damage control and clean-up, unaffected businesses should react and take steps to protect themselves ahead of being on the receiving end of the next cyber incident. Accordingly, here are five things that all businesses can do.
Continue Reading