Cyberczar Coming
In the East Room of the White House this morning, President Obama discussed his administration's commitment to improving cybersecurity and confirmed that a cybersecurity "czar" will oversee these efforts, reports the Boston Globe. The vetting process for that position is ongoing, according to a Washington Post report, but the person will be a member of the National Security and National Economic Councils. The announcement follows a 60-day cybersecurity review and ... (more)
Aetna Contacts 65,000 After Web Site Data Breach
In the latest breach to hit the wire, Aetna is erring "on the side of caution" in notifying 65,000 people about a breach of its Web site, reports PCWorld. The insurance company last week sent letters to current and former employees to let them know about the compromise, which impacted Aetna's job application site. The site contains names, phone numbers, e-mail and mailing addresses for hundreds of thousands of job applicants. Social Security numbers for 65,000 applicants were ho... (more)
Secret Questions
I just logged onto my online banking account from a new location and was prompted to answer a "secret question" as a secondary source of "something I know." The experience reminded me of a recent Blog post by Internet security guru Bruce Schneier. I've known Bruce for many years, although he most likely doesn't remember me. We became acquainted during my time as VP of Worldwide Marketing at CyberGuard. He once wrote that the problem with using "secret questions" for authentication is that the... (more)
Electronic Medical Records Moving Ahead
Ironically, just 3 weeks ago a hacker broke into the Virginia Department of Health Professions and demanded $10 million in ransom. Democratic Senator Mark Warner is pushing a $20 Billion plan to create a nationwide electronic medical record system. I wonder if President Obama has considered HIPAA costs in his healthcare reform package. ... (more)
Johns Hopkins Employee May Have Stolen Patient Data
Johns Hopkins is alerting more than 10,000 of its hospital patients that they may have been victims of identity theft. An investigation suggests a former employee who worked in patient registration may have illegally accessed their records in the course of her work. The employee, whom the hospital says it expects to be indicted, had access to information such as dates of birth and Social Security numbers, but not to any health or medical information, according to the letter. The letter notes... (more)
New Security Regulation in South Africa
Several years ago, seven I think, SoftTree developed DB Audit for a NY banking client. We did so because there was a lack of commercially available tools in the market. Today an increasingly regulated world has made DB Audit a very popular tool for a variety of industries, but particularly so in financial services. A myriad of regulations have forced our clients to take a hard look at where information resides within their systems, and, more importantly, whether access to that information exposes ... (more)
Companies of all sizes need database security!
Newton Manufacturing, a small Iowa-based, 120-person promotional product distribution company, recently discovered that hackers acquired customer data in repeated intrusions. In what was likely a nasty shock, Newton executives learned that any company can be a target. A recent security audit revealed that the company’s databases had been breached in September 2008, October 2008, and February 2009. Hackers apparently accessed and acquired customers’ personal information including names,... (more)
Audit Reveals "Shocking Findings"
I arrived home this afternoon to find the latest issue of NetworkWorld in my mailbox. Most times I scan and circular file the periodical. Today I read with interest the results of a data leakage audit at a Boston-based pharmaceutical firm. During the 15-day review, auditors examined outbound e-mail, FTP and Web communications, revealing 11,000 potential leaks, more than 700 critical information leaks and violations of Payment Card Industry and other security standards. Among the "worst leaks" co... (more)
What a coincidence - The Virginia Health database has been compromised.
Yesterday I stated that the high-profile breaches have been the catalyst for a flurry of regulation and the need for database auditing. Today we learned that the Virginia Health database has been compromised, and now hackers are seeking a $10M ransom for return of the records. "I have your [expletive] In *my* possession, right now, are 8,257,378 patient records and a total of 35,548,087 prescriptions," the hacker said in a ransom note. "Also, I made an encrypted backup and deleted the origina... (more)
Database Auditing Anecdotes
Database auditing and compliance reporting has become a very hot topic for SoftTree customers. We originally developed DB Audit Expert in 2005 to provide our customers with a simple tool to analyze the impact of database schema changes and system events. Little did we know that a seemingly daily stream of headline-grabbing data breaches would result in a flurry of regulatory mandates such as SOX, HIPAA and PCI. The net impact of such regulations being that enterprises are scrambling to shore up ... (more)