Stealthbits

INSIDER THREAT SECURITY BLOG

And other things that keep you up at night

Browsed By
Category: Uncategorized


“I’ll Just Copy & Paste That into Excel so I can Work on it at Home…”

A year after the actual laptop filled with 620,000 people’s personally identifiable information (PII) and personal health information (PHI) was stolen from Medicentres Family Care Clinics, Danielle Smith of the Wildrose Party in Alberta, Canada asks: “Why did all of this information exist in a single file on a computer in the first place?” I’m sure it was for the same old reasons. Most of the time it’s about a worker who is high on work ethic, but low on security awareness, trying to do what they s…

Who has access to my sensitive cardholder data? PCI DSS 3.0 says, “You better know!”

As we ring in the New Year, I think it’s important to take a moment to reflect upon and analyze some of the changes or updates to the Payment Card Industry Data Security Standard, commonly referred to as PCI DSS. Version 3.0 is effective, and although Version 2.0 will remain active until December 31, 2014, organizations looking to remain compliant with the regulation should definitely take notice of the new changes, as they will help to mitigate their risk exposure. The changes, outlined below,…

StealthINTERCEPT – “SIEM”-ply the Best

It’s not every day you can take two things that are independently great and combine them to create something truly extraordinary. Although examples of this momentous event through history range from a simple cellphone being given the power of a small computer to the monumental revelation of combining a nacho cheese Dorito chip with a hard-shell taco, we have been shown that this is a rarity, with only a few exceptions being able to achieve the accomplishment. And now, STEALTHbits proudly jo…

“Doctor, Help Fix My Cold and My Identity?”

Four years; yes, you read that correctly, four years later, approximately one thousand patients of Riverside Health System of Virginia were notified they were victims of a privacy breach. The fact that a healthcare provider was breached seems to be a common headline in the news these days. Personally, what makes this breach even more interesting is the fact that it was discovered after a random audit. Riverside Health System spokesperson Peter Glagola said in a statement, “We have a robust com…

Tis the Season to be Compliant

There’s no denying it’s that magical time of the year again. One can sense in the air all around them the graceful falling of snowflakes, the soothing tones of seasonal choruses, the faint smell of fresh pine, and, of course, the blaring car horns and shouted expletives of drivers stuck in traffic trying to get to their local mall. Yes, I am obviously referring to the gradual and upcoming end of the 2013 holiday shopping season – a time that, contrary to popular belief, generally does not co…

Discovering ITAR Related Content

This is a follow-up to a previous blog post of mine. In my first post on Export Control Compliance, I tried to explain what ITAR is and why it’s important for defense contractors, manufacturers, and suppliers. Knowing or learning about it is great, but what we have learned from conversations with current customers is that discovering high-risk, sensitive USML related content is something that many organizations in the defense industry have struggled with in the past. Traditional enterprise…

Export Control Compliance

I was asked the other day by a colleague: “What is ITAR (International Traffic in Arms Regulations) compliance and why is it important?” So my research commenced. My findings, plentiful to say the least, were that ITAR and the Export Administration Regulations (EAR) are two of the most important United States Government export control laws. From the United States Department of State website, ITAR is a set of regulations responsible for the control of the permanent and temporary expo…

CSSF 13/554 Decoded

One of the many undeniable facts of the 21st century is that we live in a time of ever-expanding globalization. People everywhere are connected. Events that occur at opposite ends of the earth can make ripples in various places across the entire world. So, when a document from the “Commission de Surveillance du Secteur Financier” in Luxembourg entitled, “Circular CSSF 13/554” (CSSF for short) came across our desks earlier last week, we dove right into it. Finding the translation of the legal …

3 Important Things to Know About the 2013 HIPAA Omnibus Rule

Although the HIPAA Omnibus rule was implemented on March 26th, 2013, businesses everywhere were given roughly 6 months to comply with the new standards. Fast forward 180 days and, as it would appear, the deadline passed four days ago, on September 23rd. This means that if you are a member of a company or business in the healthcare industry (or have direct relation to it), and are somehow hearing about this for the first time through me (you’re welcome), it’s probably time to become compli…

Putting Unstructured Data Into Context

WHAT THE ‘COSMOS’ CAN TEACH US ABOUT UNSTRUCTURED DATA

How is it that something can be so incredibly large and minutely small at the same time? If you’re as fascinated by natural science as I am, then you’re likely also watching Neil deGrasse Tyson’s reboot of the ‘Cosmos’ series. Maybe it makes you think about planets, our solar system, or maybe our galaxy. You may have thought about it in the opposite direction, in the context of atoms, neutrons, electrons, and protons. Regardless of which …
