A single stolen storage drive triggered a federal investigation that found Alaska's Department of Health and Human Services did not have adequate policies and procedures in place to safeguard electronic protected health information.
While the overall numbers seem relatively small when the entire universe of cyber incidents is considered, they suggest the IT systems that control the critical infrastructure America's economy and society rely on to function are increasingly at risk.
People receiving IT security graduate degrees are highly educated, but as the Center for Internet Security's William Pelgrin says, "We have a deficit of those individuals who can pick up the ball and run with it very quickly." He's doing something about that.
"Without combining relevant data sets impacting the network, security professionals will fail in characterizing threats and targeted intruder activity," says Ed Stoner, a senior Carnegie Mellon researcher.
In the wake of the Supreme Court ruling, security and privacy leaders need to forge ahead with initiatives that were left in limbo while the court weighed the constitutionality of the healthcare reform law.
The Alaska Department of Health and Social Services has agreed to pay $1.7 million to settle a HIPAA case stemming from a relatively small breach. Federal authorities listed numerous security shortcomings at the department, which oversees Medicaid in the state.
Memorial Sloan-Kettering Cancer Center in New York is notifying 880 patients that some of their personal information may have been exposed when it was inadvertently embedded in PowerPoint charts posted on two websites.
LinkedIn contends it had on staff world-class security experts when nearly 6.5 million members' hashed passwords were pilfered, although the social media company has neither a chief information officer nor chief information security officer.