|
|
Like this article? PLEASE +1 it! |  |
|
Yet Another Avoidable Security Breach At UCLA
| Guest post by: Dovell Bonnett |
Article Overview: UCLA recently agreed to pay a penalty of $865,000 for a series of HIPPA violations and now they are forced to reveal that the theft of an external hard drive from a former employee’s home has created the fears of yet another security breach. Plus, UCLA is offering 16,288 patients credit and fraud protection services.
 |
Free Download - Zappos Data Breach - Customer Safety and Security By Dovell Bonnett |
Yet Another Avoidable Security Breach At UCLA
UCLA recently agreed to pay a penalty of $865,000 for a series of HIPPA violations and now they are forced to reveal that the theft of an external hard drive from a former employee’s home has created the fears of yet another security breach. Plus, UCLA is offering 16,288 patients credit and fraud protection services.
This was a remarkably silly and avoidable breach. According to the news reports, the information on the hard drive was encrypted, but the password necessary to unscramble the information was written on a piece of paper near the hard drive and cannot be located.
I continue to preach this about passwords; it is not necessarily that the passwords are insecure, rather it is how people manage them. And in this case, the password was managed quite stupidly. Unfortunately, this is all too common.
16,000 UCLA patients have been advised that while there is not yet any evidence that patient information has been accessed, the fact remains that now patient names, birth dates, medical record numbers, addresses and medical record information are potentially up for grabs by cyber-thieves. According to a statement from UCLA, the documents did not contain Social Security numbers.
According to the UCLA Public Notice, “UCLA Health System is reviewing its policies and procedures and will make any necessary revisions to help reduce the likelihood this will happen again,” according to the statement. “In addition, UCLA Health System will provide additional education and awareness to its workforce members regarding the appropriate methods for storing patient information.
This was an easily avoidable problem. What is needed where password security is paramount is a multi-factor, password manager that also authenticates the user.
Power LogOn by Access Smart could have easily prevented this breach because the employee would have had no need to write the password ANYWHERE!
And IT could have blocked the password so the former employee wouldn’t even know the decryption password so it COULDN’Tbe written on a piece of paper.
Data Security is Mandatory
What To Do When Your Company Network Is Hacked
Chinese Computer Hacking of Chamber of Commerce has Already Hurt Your Business
An Identity Theft Call Center - A Necessity In Today's Information Age
Key 2011 Hacker Prevention Lessons
Email Protection: As Important as Password Protection
Professional Indemnity Insurance why you must have it
Managing your Brand in an Insecure World
ISSA's SoCal Security Symposium
Preparing for Security Breaches
Retail Security
Mobile Privacy – 4 Points to mobile app developers
Are You Ready for Data Security Compliance Language?
Leadership Assessment #20 – Lowers Credibility Gap
Shady RAT World Wide Hacking
Sued for Someone Else's Breach of Contract
Zero Gravity Business: LifeLock
Is Your Cloud Provider Sidestepping Security?
Password Strategies That Keep You Safer
SECURITY CLEARANCES
Article Tags: identity theft, internet security, password management, smart cards
|
About the Author: Dovell Bonnett RSS for Dovell's articles - Visit Dovell's website Security does not have to be cumbersome to be affective. That is why our products are designed using state-of-the-art security technologies while focusing on ease-of-use and low cost-of -ownership. Previously, smartcard technology was only available to governments and Fortune 500 companies. Access Smart has turned that model upside down by matching the technology to the needs, no annual subscription fees and fully transferable licenses to keep security affordable to even high employee/student turnover businesses. The Access Smart team has over 50 combined years in the smartcard and security industry. By addressing the very real problems from a systems mindset, Access Smart delivers everything for a company to implement AaaS within hours and not months/years. Please contact Dovell Bonnett at Access Smart as to discuss how best to implement Authentication, Authorization and Non-Repudiation into your business. Access Smart - The Alternative to PKI. Click here to visit Dovell's website   Key 2011 Hacker Prevention Lessons My 3 Top Security Strategies for 2012 HP ProtectTools Solution ISSAs SoCal Security Symposium MORE HACKING WHEN WILL IT STOP |
Related Forum Posts
Re: What's the best anti-virus/spyware software?
- I use home AVG Internet Security and I'm pretty satisfied with it.
Marketing a company
- Jeff,
I know who my target market is: Defense contractor doing business with the Federal Government
My product is: Providing security consulting services for companies that must abide the National Security requirements.
How can I inform theses contractors about my services?
Thanks
Diane
Re: Google Calendar
- Hi Mary,
On FireFox go to Tools --> Options --> Security There is a box that says: Remember passwords for sites, check it.
Next time you enter a PW firefox will ask you if you want to save it.
If you go to security again you will see a button "Saved Passwords" click on it and it will open the list, with all the PW hidden, you can choose to hide or show them.
Re: Obama Wants Social Security for Illegals
- [quote="wizzymi":2qb0dt9r]This monring I got a mail from the newswatch magazine I subscribed for that: Obama Wants Social Security for Illegals!
Millions of illegal aliens in the U.S.
Barack Obama’s plan gives a driver’s license to any illegal who wants one.
But that’s not all.
Obama’s plan gives illegals social security benefits and raises taxes for his health care plan to cover them.
Who pays? You do.
Driver’s licenses and government benefits for illegals.
Higher taxes for us. That’s Obama’s plan.
Obama. Too radical. Too risky.
The National Republican Trust PAC is responsible for the content of this advertisment.
In think this is a political propaganda, in order to discredit the candidancy of Obama.
Or will it be true? What impact do you think will have on entrepreneurs in america?[/quote:2qb0dt9r]
Sounds like his idea to give "tax breaks" to people who don't even pay taxes. But, he finally changed his answer to that one and supposedly his website says that there will be some employment requirements for these supposed "tax breaks". There appear to be plenty of potential reprecussions for entrepreneurs with Obama's plans. There isn't enough money in the Social Security system now - giving more away to people who haven't paid into it could be the final nail in that coffin.
Shri
Re: HOw to market a B2B consulting company
- How about providing a white paper on Common security holes (only mention the ones that the prospect can easily and inexpensively fix themselves). Towards the end explain that there are other greater security flaws that exist and that you provide a "Free Security Consultation and Report".
They could use this report to get cheaper quotes but you are getting so much more... you get face time with the company and get to build rapport with them.
I know of a company here in Toronto that does Energy Audits on your home and provide you with a report on ways you can save energy- they also also offer to fix it for you through their suppliers.
they had a story run on them on Earth Day this year and they were bombarded with over 200 calls in one day to have these audits done. The audits are done for free.
You could write up a shocking story on Security and holes that exist within businesses today and submit this story to the newspapers business edition or to a Trade Magazine written for the industry you are trying to serve. Most journalists may pick up this article and feature it or interview you directly.
Also, I would redesign your site to be more Information-based to educate potential prospects (how to solve common security issues) rather than it being all about the company - people are more interested in solving their problem and often aren't searching the internet for a particular company by name unless it is well established. So give them juicy information freely.
note: When I first heard this idea of giving away free information about solving a problem I was hesitant to use it in my web design business. I gave it a try anyways and the amazing part was that even the easy inexpensive things I advised them they could fix in their websites they offered to pay me to do it for them - from there I was able to upsell them on greater improvements. I've since sold this company - but it was fun!
Share this article with your friends. Fund someone's dream.
Leave a comment below or share on the left and you'll help support entrepreneurs in Africa through our partnership with Kiva. Over $50,000 raised and counting - Please keep sharing! Learn more.
by: 
Best Automated Forex Trading Strategy
Build Your List with Joint Venture Giveaway Events
May 2012 Top 100 Social Media Experts to Follow on Twitter
What to measure to be phenomenally successful in business
10 mistakes of media relations
Get advice & tips from famous business
owners, new articles by entrepreneur
experts, my latest website updates, &
special sneak peaks at what's to come!
Creating a Better Place to Work
Are You An Accidental Consultant?
Fear Factors in Small Business: Sales & Marketing
Email us your ideas on how to make our
website more valuable! Thank you Sharon
from Toronto Salsa Lessons / Classes for
your suggestions to make the newsletter
look like the website and profile younger
entrepreneurs like Jennifer Lopez.