Friday, December 14, 2012
Nine out of 10 hospitals lost personal data in last two years
A new study from the Ponemon Institute and security firm ID Experts surveyed 80 health care organizations and found that 94 percent had experienced a data-loss incident in the past two years. Another 45 percent sustained more than five breaches during that period. Source: SC Magazine
Escalating healthcare data breaches come with $7bn pricetag
Healthcare data breaches, despite their high profile in the news, aren’t getting any rarer: in fact, lost or stolen devices and employee errors are heading towards a $7 billion price tag for the industry – more than the level of funding that the US government gives cancer research.
Companies are losing control of their data to the mobile revolution
Users are sharing information on social networks and using public cloud services to move data from corporate to personal devices in ways that by-pass company security policies and systems, and expose company data. Source: Infosecurity (USA)
California Medicaid department publishes 14K SSNs on public website
The State of California's Department of Health Care Services (DHCS) has acknowledged that it accidentally published 14,000 Social Security numbers online for nine days last month. Source: Infosecurity (USA)
Monday, November 26, 2012
Despite Security Worries, Human Resources Allows Social Media At Work
More than 60 percent of enterprises don't block Facebook, other sites; two-thirds don't monitor employee use. Source: Dark Reading
NASA breach update: Stolen laptop had data on 10,000 users
Breached unencrypted laptop puts personal data of NASA employees and contractors at risk, spokesman says. Source: CSO Online
S.C. tax breach began when employee fell for spear phish
Gov. Nikki Haley said the agency suffered from two flaws: One, it didn't require additional credentialing to access sensitive systems and two, it didn't encrypt taxpayer data. Source: SC Magazine
Thursday, November 15, 2012
Data breach could cost businesses $330M, ex-FBI official says
The ultimate cost to some South Carolina businesses from the data breach at the state Department of Revenue could top $330 million, a former high-ranking FBI official says. Source: GreenvilleOnline.com
NASA to deploy whole-disk encryption following breach
NASA is reeling from the fallout of a data security breach after a laptop containing sensitive information on a large number of employees and contractors was stolen. Source: SearchSecurity
Monday, November 5, 2012
Data breach costs skyrocket as class-action lawsuits become more prevalent
Data breaches are on the rise, and the scope of the amount of data stolen is getting wider. The rise of “Big Data” heists like the one that Sony has been dealing with for 18 months (77 million accounts were compromised) is opening up the potential for class action suits in such cases to become the norm. And that can add millions of dollars to the cost of the incident. Source: Infosecurity
Faced with escalating mobile malware, NIST publishes mobile security guidelines
With the triple- and quadruple-digit increases in mobile malware (especially for Android) making security news seemingly every other day, the US National Institute of Standards and Technology (NIST) has published draft guidelines to outline baseline security technologies for mobile devices. Source: Infosecurity
Millions of SSNs lifted from South Carolina database
Slipshod security at the state Department of Revenue leads to a massive security breach: 3.6 million Social Security numbers are stolen. The state's population is approximately 4.7 million. Source: CNET News
Thursday, October 25, 2012
Verizon: Most Intellectual Property Theft Involves Company Insiders
While most cybercrimes originate outside the company, IP theft often comes from within, researchers say. Source: Dark Reading
Sony PSN hacking lawsuit dismissed by judge
A judge rules that "there is no such thing as perfect security," after 75 million customers' billing addresses, user names, passwords, and phone numbers were stolen in a massive cyberattack. Source: CNET News
Tuesday, October 16, 2012
Florida University Breach Exposes Data On 279,000
At least 50 Northwest Florida State College employees hit by identity theft at this point -- including the university's president. Source: Dark Reading
TD Bank lost customer data – six months ago
The first public indication of the loss appeared on the California Attorney General website, with the publication of a sample ‘notification’ letter now being sent to the bank’s affected customers. Source: Infosecurity
Monday, September 24, 2012
Hearing scheduled in Sutter data breach class action
A hearing is scheduled in Sacramento on Sept. 27 in a class action suit against Sutter Health over last year’s theft of a personal computer that held data on 4.24 million patients. Estimates of potential liability, damages, and attorneys' fees range from $943 million to $4.25 billion. Source: Sacramento Business Journal
Most data breaches come from within
While the data breach events that catch headlines are the work of hacking collectives and professional malware writers, it turns out that the vast majority of information compromises come at the hands of a much less nefarious source: the firm’s own unwitting employees. Source: Infosecurity (USA)
Executive order drafted following failed Cybersecurity Act
The Obama administration hopes to issue a cyber security executive order similar to the Cybersecurity Act of 2012, killed by the Senate. Source: SC Magazine
Thursday, September 13, 2012
20% of IT staff admit to accessing unauthorised executive data
Survey finds that 39% of IT staff can get unauthorized access to their organization's most sensitive information - including the CEO's private documents - and one in five has already accessed data they shouldn't have. Source: CSO Online
End User Security Awareness Gap Remains Wide, Experts Say
Enterprise-driven security education programs continue to fall short of the mark. Source: Dark Reading
5 Frequently Forgotten Factors In Assessing Risk
The most common mistakes organizations make when going through the risk assessment process. Source: Dark Reading
Wednesday, September 5, 2012
Cancer Care data breach compromises 55K patients
Personal information from as many as 55,000 cancer patients has been stolen from Indianapolis-based Cancer Care Group following the theft of a laptop. Source: Infosecurity (USA)
DSW Shoe Warehouse awarded $8.6M in cyber-insurance payout
DSW Designer Shoe Warehouse has been awarded $6.8 million in insurance coverage, according to a federal appellate court ruling, after a 2005 data breach that exposed transaction information from 1.4 million credit card transactions. Source: Infosecurity (USA)
Cybercrime costs U.S. consumers $20.7 billion
Worldwide losses resulting from cybercrime including malware attacks and phishing hit $110 billion between July 2011 and the end of July 2012, a report by security company Symantec has found. Source: CNET News
Tuesday, August 28, 2012
Security issues increase corporate BYOD costs
Despite the perception that bring your own device (BYOD) saves organizations money, more than two-thirds of IT professionals believe it increases costs, primarily due to the added security risks and measures required. Source: Infosecurity (USA)
Most firms do not protect sensitive data in databases, survey finds
A full 65% of businesses do not protect the sensitive data in their databases from unauthorized employees and consultants, according to a survey conducted by GreenSQL. Source: Infosecurity (USA)
Monday, August 13, 2012
Summer of the Health Data Breach continues
It’s getting to the point where during this Summer of the Health Data Breach, keeping up with each occurrence is easier said than done. Source: EHR Intelligence
Obama weighs executive order on cybersecurity
In response to the Senate’s failure to pass the Cybersecurity Act, President Obama is mulling issuing an executive order to beef up the cybersecurity of critical infrastructure, according to White House homeland security adviser John Brennan. Source: Infosecurity Magazine
Data breach costs LinkedIn up to $1 million
Due to one of the year's largest reported data breaches, business networking site LinkedIn has announced that it already has taken up to a $1 million hit. Source: SC Magazine
Thursday, August 2, 2012
Five Steps To Protecting Intellectual Property
Staying secure means finding out where your sensitive data resides -- and how to protect it. Source: Dark Reading
White House, Cybersecurity Chiefs Back Proposed Legislation
Obama, top federal officials say Cybersecurity Act of 2012 is good enough to help. Source: Dark Reading
Tuesday, July 17, 2012
U.S. Medical ID Theft Cost Jumps To $41 Billion
New Ponemon study finds that half of medical identity theft victims know the person who stole their IDs, and victims end up footing the bill in many cases. Source: Dark Reading
Data Loss Prevention: What's The Use?
Why deploy data loss prevention technologies if there are ways to circumvent the system? Source: Dark Reading
50% Job leavers steal confidential company data
New details from Iron Mountain show the extent to which employees leaving employment will take confidential company data with them when they go. Source: Infosecurity Magazine
Monday, July 9, 2012
Most security professionals predict breaches will increase this year
A disturbing 93% of IT security professionals believe that data breaches will increase this year, according to nCircle’s 2012 Information Security and Compliance Trend study. Source: Infosecurity (USA)
US appeals court rules against Maine bank in Zeus attack case
More than a year after the original court ruling, an appeals court has found that Maine-based Ocean Bank’s security system was “commercially unreasonable” and the bank’s actions contributed to a breach that resulted in the theft of $588,000 from an online customer’s account. Source: Infosecurity (USA)
Friday, June 22, 2012
Google detects 9,500 new malicious websites daily
Google blocks about 9,500 new malicious websites every day as part of its antiphishing and antimalware detection capabilities, according to new statistics released this week by the search engine giant. Source: SearchSecurity
6 Biggest Breaches Of 2012 So Far
According to the Privacy Rights Clearinghouse, during the first half of 2012 we have seen 266 breaches that affect more than 18.5 million records. Dark Reading pored through the records and picked a breach for each month of 2012 so far to highlight as the most important exposures to learn from in the first half of the year. Source: Dark Reading
Thursday, June 14, 2012
Global Payments: Consumer data may also have been stolen
Credit card processor says unspecified consumer data may have been exposed in addition to credit card numbers stolen. Source: CNET Security News
Insider threats continue to plague IT managers
The vast majority of IT managers and C-level professionals are more concerned with insider threats – such as the theft of confidential information by employees – than external threats. Source: Infosecurity Magazine
Wednesday, June 6, 2012
Survey Says Health Data Breaches Can Lower Consumer Confidence
Health data breaches can have a negative effect on an organization's relationship with its customers, according to a survey conducted by the Ponemon Institute. Source: iHealthBeat
Tuesday, May 29, 2012
Cybercrime costs companies an average of $214,000 per attack
Successful cybercrime attacks cost businesses an average of $214,000 per incident, according to a survey conducted by the Ponemon Institute. Source: Infosecurity (USA)
Hospital agrees to pay $750,000 over data breach allegations
A Massachusetts hospital has agreed to settle in court to the sum of $750,000 over allegations concerning its failure to protect sensitive patient data. Source: SC Magazine
Monday, May 21, 2012
Report says cyber security still takes a backseat for major companies
As cyber threats continue to be a nuisance to major companies, senior management has yet to give it the attention it deserves, a recent study finds. Source: SC Magazine
DHS warns about patient data risk from wireless medical devices
The Department of Homeland Security (DHS) is warning healthcare organizations about the security threat posed to patient data and networks by insecure wireless medical devices (MDs) and mobile communication devices. Source: Infosecurity (USA)
Wednesday, May 9, 2012
Symantec conference puts focus on mobile security
At its annual Symantec Vision conference attended by enterprise customers and business partners, Symantec laid out its management and security product strategy for mobile endpoint devices, including the iPhone, iPad and Google Android devices. Source: Network World via CSO Online
Thursday, May 3, 2012
Number of vulnerabilities down, malicious attacks up
While the number of vulnerabilities decreased by 20%, the number of malicious attacks continued to skyrocket by 81% in 2011, according to Symantec’s annual 'Internet Security Threat Report'. Source: Infosecurity Magazine
Healthcare Unable To Keep Up With Insider Threats
Insiders played a role in recent breaches at Utah Department of Health, Emory, and South Carolina Department of Health and Human Services. Source: Dark Reading
CISPA approved in House despite online freedom objections
The controversial digital threat information-sharing bill, the Cyber Intelligence and Sharing Act (CISPA), passed the U.S. House on Thursday, thus setting up a showdown in the Senate. Source: SC Magazine
Thursday, April 26, 2012
3.2 million Massachusetts residents had personal information lost or stolen
A disturbing 3.2 million Massachusetts residents have had their personal information lost or stolen over the past four years, according to a new report by the state’s Office of Consumer Affairs and Business Regulation. Source: Infosecurity Magazine
Ipswitch survey reveals the extent to which IT is losing control over data
IT needs governance; but users are choosing simplicity. In choosing and using their own non-sanctioned methods for data transfer, users are causing IT to lose control over its own data. Source: Infosecurity Magazine
Health Care Data Breaches Highlight Need for Security Investment
Massive health care data breaches in Atlanta, South Carolina and Utah show a need for securing mobile devices, increasing audits and using intrusion-protection software. Source: eWeek
Friday, April 13, 2012
Tech Insight: Getting Ready For Data Loss Prevention (DLP)
DLP is a business issue requiring the co-existence of people and process with technology. Source: Dark Reading
Tuesday, April 10, 2012
Cybersecurity bill gains House support, SOPA opponents' ire
A bill introduced last year in the House has garnered increased support from House members and renewed attention from some of the groups that took down the Stop Online Piracy Act (SOPA). Source: Infosecurity (USA)
9 Recent Data Breaches That Have Cost Financial Services Firms Big-Time
The details of these breaches are downright scary, or ingenious, depending on your point of view. Source: Dark Reading
Utah Health Data Breach Affects Nearly 800,000
Theft of Medicaid data in Utah may have been joint effort between hackers, insiders. Source: Dark Reading
Wednesday, March 28, 2012
RockYou to pay FTC $250K after breach of 32M passwords
RockYou, a company that makes games and other applications for use on social networking sites, must pay $250,000 following a settlement with the Federal Trade Commission over a massive 2009 breach. Source: SC Magazine
PwC report highlights senior management complacency about security
Financial services are, not surprisingly, increasingly subject to economic cybercrime. According to a report from PwC, cybercrime is now second only to asset misappropriation as the most popular way of defrauding an organization in the financial services (FS) sector. Source: Infosecurity (USA)
$1.5M Fine Marks A New Era In HITECH Enforcement
Data breach at BlueCross BlueShield of Tennessee, and subsequent penalty, stands as example of financial fallout from poor healthcare IT security practices. Source: Dark Reading
Wednesday, March 14, 2012
HHS fines Blue Cross of Tennessee for theft of 57 hard drives
The US Department of Health and Human Services (HHS) is fining Blue Cross Blue Shield of Tennessee $1.5 million related to the 2009 theft of 57 unencrypted computer hard drives containing protected health information on over one million patients. Source: Infosecurity
ISSA releases SME data security standard guidance
The Information Systems Security Association (ISSA) has released the first in a series of guidance documents to accompany a new information security standard for small and medium-sized enterprises (SMEs). Source: Infosecurity
Monday, March 5, 2012
New Verizon Breach Data Shows Outside Threat Dominated 2011
Preview of Verizon Business' data breach cases shows malware and hacking the top breach methods. Source: Dark Reading
McCain, other Republican senators unveil alternative cybersecurity bill
Fulfilling a pledge made last week, Sen. John McCain (R-Ariz.) and seven of his Republican colleagues in the Senate introduced on Thursday a cybersecurity bill that takes a less regulatory approach to strengthening US cybersecurity than the Cybersecurity Act introduced last month. Source: Infosecurity (USA)
Tuesday, February 21, 2012
City of Mobile (Alabama) Data Loss Incident
46,000 offenders' names, Social Security numbers, dates of birth, addresses, and criminal offenses acquired by hacker; 500 redacted entries dumped on the Internet. Source: DataLossDB
Most Small Healthcare Practices Hacked In The Past 12 Months
Ninety-one percent of small healthcare practices in North America say they have suffered a data breach in the past 12 months, new Ponemon report finds. Source: Dark Reading
Thursday, February 9, 2012
Food and beverage industry has unsavory history of data breaches
The food and beverage industry is the top target for cybercriminals for the second year in a row, according to the 2012 Global Security Report by Trustwave SpiderLabs. Source: Infosecurity
Big Data Means Big Security Problems, Study Says
Large data stores often contain 'toxic' data that is sensitive to business, Forrester report says. Source: Dark Reading
Monday, February 6, 2012
New York State Electric & Gas Data Loss Incident
1.8 million customers' Social Security numbers, dates of birth and, in some cases, financial institution account numbers compromised. Source: DataLossDB
Indiana University Data Loss Incident
650,000 names, email addresses, birth dates and nutritional data exposed due to hacked database. Source: DataLossDB
Ernst & Young loses 401k information of bank employees
Ernst & Young, auditors of Regions Financial Corp., lost personal information on current and former Regions’ employees when a flash drive with the data sent in the mail was stolen. Source: Infosecurity (USA)
Number of patient record data breaches nearly doubled last year
The total number of patient records compromised in the US increased by 97% in 2011 compared with 2010, according to a report released this week by the Redspin consulting firm. Source: Infosecurity (USA)
Tuesday, January 31, 2012
When it comes to customer data protection, firms are phoning it in
Only half of IT professionals believe that their organization made its best effort to protect customer and consumer information, according to a survey by credit reporting firm Experian and the Ponemon Institute. Source: Infosecurity (USA)
Univ. of Hawaii settles with 98,000 over five breaches
The University of Hawaii has settled a class-action data breach lawsuit brought by nearly 100,000 students, faculty, alumni and staff. Source: SC Magazine
Monday, January 23, 2012
Zappos Sued Over Data Breach
Class-Action Suit Argues Data Not Safeguarded. Source: BankInfoSecurity.com
Former US national security officials urge Senate to pass cybersecurity bill
Former US national security officials from the Clinton, Bush, and Obama administrations are pushing the Senate for passage of comprehensive cybersecurity legislation. Source: Infosecurity (USA)
Wednesday, January 18, 2012
Viruses stole City College of S.F. data for years
Personal banking information and other data from perhaps tens of thousands of students, faculty and administrators at City College of San Francisco have been stolen in what is being called "an infestation" of computer viruses. Source: San Francisco Chronicle
Breach at Zappos exposes data on 24 million customers
Zappos, an online shoe and clothing retailer, is warning 24 million customers that a security breach has exposed their personal information, including partial credit card data. Source: Infosecurity (USA)
Wednesday, January 11, 2012
Endpoint attacks cost firms close to half a million dollars annually
Attacks against endpoints are costing the average organization around $470,000 annually, according to a survey sponsored by Symantec. Source: Infosecurity (USA)
Friday, January 6, 2012
Most users have not installed security software on their smartphones, survey finds
Nearly three-quarters of Americans have never installed data protection applications or security software on their smartphones to protect against data loss or malware. Source: Infosecurity (USA)