Digital Signature Blog

Entries related to: digital-security

Three of Eleven Largest Counties in USA Use SIGNiX Digital Signatures

 

6 Tips for Secure Online Passwords

John Harris, chief technology officer of SIGNiX, recently wrote an article for American City & County about the importance of creating strong passwords to protect sensitive data. His article outlines six important to-dos and six equally important not-to-dos when creating online passwords. In the article, John tells us:

6 Affordable Ways Companies Can Strengthen Their Cybersecurity Efforts

John Harris, chief technology officer of SIGNiX, recently wrote an article for BOSS Magazine about affordable ways companies can strengthen their cybersecurity efforts. In the article, John explains how important it is to train employees on cyber risk, and he says:

3 IT Challenges Facing Federal Agencies

Pem Guerry, executive vice president of SIGNiX, recently wrote an article for NextGov.com about the three IT challenges facing federal agencies. In the article, he explains that governments face a heightened cybersecurity risk and says:

Email Security Awareness Training for Agents and Advisors

John Harris, chief technology officer of SIGNiX, recently wrote an article for ThinkAdvisor about training employees and customers on email security. In the article, he explains how important it is to learn how to detect a fraudulent email and says:

4 Insanely Easy Things You Can Do to Protect Your Privacy Online

Recently there’s been a lot of buzz about online privacy. The NSA monitoring scandal has put a huge spotlight on the issue, and it’s something everyone spending time online should consider.  

Guest Post: Getting fired because of a health care data breach

Today we've got a guest blog post from Ron Arden, the Vice President of Strategy & Marketing for eDocument Sciences. Ron is joining us today to talk about the consequences of a data breach.

Organizations are getting very serious about how they react to a data breach of confidential information. On January 10, 2013, an employee of a contractor who processes Medicaid prescription transactions lost a USB drive with about 6000 patients’ names, Medicaid identification number, age and recent prescription drug use history. Less than a week later, she was fired.

The organization affected was the Utah Department of Health. It uses Goold Health Systems to process pharmacy claims for Utah’s low-income health program. The breach occurred because a Goold employee copied a report containing the confidential information on 6000 Medicaid enrollees to an unencrypted USB drive. She left the company facilities with the thumb drive in her possession. She copied the report to the thumb drive because she was having trouble uploading it to a secure file server, which is the normal process. She planned to upload it later. According to Goold, doing this is against company policy.

There are numerous problems in this scenario. The first is the employee didn’t realize copying personal health information (PHI) onto a thumb drive was against company policy. I don’t know if that’s true or not. Maybe she knew, but thought it was no big deal. If she didn’t know, then the company has a serious training problem. Anyone dealing with PHI or any sensitive data needs to be trained on proper handling of the information. If she knew and did it anyway, the training isn’t very effective. Someone besides the employee may need to be held accountable.

The next problem is that confidential information is not encrypted. At a minimum, the company should either restrict copying information to a USB drive or all USB drives used for company business should be encrypted.

A better approach is to encrypt the document itself rather than relying on people to use encrypted devices. When the employee created and downloaded the report, a persistent security policy should be applied to the document. The security policy defines who can view, edit, print, copy and save the file. If the employee copied an encrypted file to a thumb drive and lost it, there is no data breach and no problem. According to HIPAA regulations, if the information is encrypted, there are no data breach reporting obligations, since no PHI has actually been released. If a sensitive document accidentally gets into the wrong hands, the information in it is worthless. It looks like random characters unless the person reading it has the appropriate access rights. As soon as Goold realized they had a potential data breach, they could have immediately revoked access to the document. This effectively kills all access to it.

Goold may be liable for penalties and legal action under Utah data breach legislation and HIPAA. It’s possible that the thumb drive was thrown into the trash and no one will ever see it, but it’s also possible that someone may find the information and use it for identity theft. Either way, the laws are fairly explicit. Violating policy on PHI is serious business. In this case it got someone fired. Anyone dealing with protected information needs to encrypt it to prevent a possible data breach.

Report: Fraudsters steal an identity every three seconds

In 2012, reports of identity fraud increased by more than one million victims. In fact, fraudsters stole more than $21 billion last year, the highest amount since 2009.