
Red Flags Rule and the Economic Stimulus Package: A One-Two Punch for Healthcare?
May 2009
HFMA's Hudson Valley Chapter newsletter
By Brian Lapidus
Summary: The Federal Trade Commission suspended enforcement of the Red Flags Rule until May 1, 2009, to give covered entities time to establish appropriate policies and procedures for dealing with the problem of identity theft. Because hospitals provide services to patients and regularly permit them to pay over time or to make multiple payments or transactions through an established account, it is presumed that health care entities will be considered a "creditor" that maintains "covered accounts" under the FTC's interpretations.
ANSI Panel to Standardize Identity Theft Tracking
March 20, 2009
PC World
Summary: Robert Vamosi reports on the second workshop for The Identity Theft Prevention and Identity Management Standards Panel (IDSP), sponsored by the American National Standards Institute (ANSI). Workshop panels discussed a variety of topics, including the differences between identity theft and identity fraud. Identity theft experts clarified that identity theft occurs when the personal data is first accessed (as in a data breach) and identity fraud occurs when that personal data is used. Other panels provided insight into how different organizations currently collect and represent statistics and data around identity fraud.
http://www.pcworld.com/businesscenter/article/161646/ansi_panel_to_standardize...
Over 1 Million Potential Victims of Botnet Cyber Crime
June 13, 2007
Federal Bureau of Investigation Press Release
Summary: The Department of Justice and FBI announced the results of an ongoing cyber crime initiative to stop “botherders”, and raise the public’s cyber security awareness of botnets. A botnet is a collection of compromised computers under the remote command and control of a criminal “botherder.” Most owners of the compromised computers are unknowing and unwitting victims, having unintentionally allowed unauthorized access and use of their computers as a vehicle to facilitate other crimes, such as identity theft, denial of service attacks, phishing, click fraud, and the mass distribution of spam and spyware. Because of their widely distributed capabilities, botnets are a growing threat to national security, the national information infrastructure, and the economy.
http://www.fbi.gov/pressrel/pressrel07/botnet061307.htm
Quarterly Trends and Analysis Report
June 1, 2007
United States Computer Emergency Readiness Team (US-CERT)
Summary: This report summarizes and provides analysis of incident reports submitted to US-CERT during the U.S. Government fiscal year 2007 second quarter. The purpose of this report is to provide awareness of the cyber security trends as observed by the US-CERT. The analysis in this report is based on incident information that has been reported to US-CERT, incidents identified by US-CERT, and public/private sector information identified when correlating and analyzing the data. This report also provides information on notable security topics and trends, including emerging threats and updates to topics discussed in previous issues.
http://www.us-cert.gov/press_room/trendsandanalysisQ207.pdf
Phishing Attacks Soar as Scammer Nets Widen
May 24, 2007
Washington Post
By Brian Krebs
Summary: Reporter Brian Krebs discusses how more technically advanced phishing groups are targeting lucrative industries. The source of this is known as “Rock Phish”. These attacks generally involve techniques to avoid new anti-phishing measures.
http://blog.washingtonpost.com/securityfix/2007/05/phishing...
Addressing Data-Breach before and after the Fact
May 2007
Executive Counsel
Summary: The FBI lists identity theft as the fastest growing crime in America, yet Brian Lapidus of Kroll Fraud Solutions believes what we are seeing may not be an increase of frequency as much as an increased level of awareness and detection. Among the most costly consequences of a data breach is the extensive disruption of business continuity during and after the exposure. According to Lapidus, companies can avoid this so-called operational paralysis and other negative outcomes by following some basic guidelines: Be aware of new attack methods. Stay current on security breach legislation. Establish a comprehensive pre-breach response plan that will enable decisive response and prevent operational paralysis if and when a data breach occurs.
http://www.krollfraudsolutions.com/pdf/ExecCounsel_MayJune07.pdf
2007 Annual Study: U.S. Enterprise Encryption Trends
February 2007
Ponemon Institute
Summary: Failure to protect customer data and proprietary business information can lead to serious consequences, including loss of customers or difficulty acquiring new ones as well as irreparable brand damage. To defend customer information and eliminate the potential consequences of a breach, businesses are encrypting sensitive data. This 2007 study by The Ponemon Institute, sponsored by PGP Corporation, focuses on identifying trends in encryption use, planning strategies, and deployment methodologies in enterprise IT. With the cost of data breaches rising and awareness growing about the need for encryption, the study sought to answer questions about the use and strategy for enterprise encryption.
http://www.pgp.com/downloads/research_reports/...
State Vows to Get Tough on ID Theft
September 28, 2006
Source: Seattle Post-Intelligencer
Summary: Washington State joins the federal government and many other people around the country in recognizing the magnitude of the ID theft problem.
http://seattlepi.nwsource.com/printer2/...
Uncle Sam’s Coming: Crackdown on ID Theft
September 27, 2006
www.news.com
Summary: The government appears to be taking a more active role in the fight against ID theft. A Presidential Task Force to investigate ID Theft was created in May 2006. It is co-chaired by AG Gonzales and FTC Chair Majoras, and is comprised of 17 federal agencies and departments. The Government is trying to promote more coordination and data sharing among federal agencies. The FBI participates in 21 identity theft/financial crimes task forces, while the Secret Service has 51 financial and electronic crimes task forces. The Presidential Task Force on ID Theft also recently issued a set of interim recommendations.
http://news.com.com/2102-7348_3-6119883.html?tag=st.util.print
Banks Rated for ID Theft
September 25, 2006
Published on ZDNet News
Summary: According to this new study, Bank of America, JP Morgan Chase, and Washington Mutual are the banks best able to prevent, detect, and resolve identity theft. 24 banks were reviewed. By the end of 2006 most banks will have introduced multiple-factor identification, like password programs. More than three-quarters of companies recently surveyed by Deloitte Touche Tohmatsu said they had suffered a security breach from the outside, up sharply from the 26 percent that said they had suffered one when polled in 2005. Fully one-fourth of the respondents in the 2003 FTC study who had been the victim of financial fraud said they knew who had committed the crime, and in half those instances the perpetrator turned out to be a friend, relative or neighbor.
http://news.zdnet.com/2100-1009_22-6119424.html
Data breaches yield few ID thefts, survey says
September 15, 2006
ComputerWorld
By Jaikumar Vijayan
Summary: Contrary to popular perception, computer data breaches are less likely to result in identity theft and other fraud than off-line causes such as lost or stolen wallets and checkbooks. That was the finding of a yearlong study of about 5,000 U.S. consumers by Pleasanton, Calif.-based analyst firm Javelin Strategy & Research. Javelin's research showed that despite recent hype, data breaches were responsible for just 6% of all known cases of identity theft, compared to 30% from incidents like losing one's wallet. The study also showed that less than 1% of all individuals whose data was lost later became victims of ID theft.
http://www.computerworld.com/action/...
ANSI and BBB Spearhead Coalition of Leading Corporations on ID Theft Prevention Standards
September 13, 2006
Better Business Bureau Press Release
Summary: ANSI and BBB are partnering with a cross-sector team of high profile companies to create a single resource of standards and guidelines that businesses and other organizations can use to prevent and respond to identity theft and fraud. The nine founding partners that have joined ANSI and BBB in this effort are AT&T, Citi, ChoicePoint, Dell Inc., Intersections Inc., Microsoft, Staples, Inc., TransUnion and Visa U.S.A.
http://www.bbb.org/alerts/article.asp?ID=711
ID Theft: More Hype Than Harm
July 3, 2006
Business Week Online
By Dean Foust, with Sonja Ryst in New York
Summary: The media has given an inaccurate representation of the ID theft problem. In choosing to highlight certain cases, like the VA veteran’s case, the media has made it seem as though the ID theft problem is larger than it is. The reality is that stolen data does not necessarily mean stolen money. Thieves must go through a very complicated process to turn stolen data into capital. This is because most systems are password-protected, encrypted, or only opened with special software programs. Banks, in particular, have responded extremely well to the new ID theft threats. The article indicates that the 2003 report by the FTC, which says that $48 billion in losses were incurred from ID theft, is inaccurate.
http://www.businessweek.com/magazine/content/06_27/b3991041.htm
Strategic Security: How to Survive Data Breach Laws
June 2, 2006
Network Computing
By Patrick R. Mueller
Summary: The article offers practical advice for businesses: Don't wait until a breach occurs to start thinking about your policy. Undertake a risk assessment now, and include the relevant stakeholders: your IT and security teams, legal, public relations and executive-level leadership. If you don't, you can bet the press, government regulators, your customers and their lawyers will want to know why you didn't.
http://www.networkcomputing.com/channels/...
2005 Fraud Trends: Consumers Being Hounded by Internet and Telemarketing Scams
January 19, 2006
NCL News
Summary: The National Consumers League (NCL) released its annual lists of the top telemarketing and Internet scams that plagued consumers in 2005. More consumers are reporting scams, and victims are losing more money, according to the nonprofit organization. Based on information that consumers provided last year to NCL’s National Fraud Information Center/Internet Fraud Watch program, the average loss to telemarketing fraud rose from $1,974 in 2004 to $2,892 in 2005, and Internet fraud losses more than doubled, from an average of $895 in 2004 to $1,917. The number of scams reported rose by 39 percent for telemarketing fraud and 12 percent for Internet fraud.
http://www.nclnet.org/news/2006/2005_fraud_trends_01192006.htm