Wednesday, February 22, 2017

Memorial Healthcare pays $5.5 million HIPAA settlement

Well, at this point hopefully those in the infosec field, especially in the healthcare arena, are aware of the recent settlement by Memorial Healthcare (Hollywood, Florida) for $5.5 million.  This was for violations of HIPAA that resulted in the protected health information (PHI) of over 100,000 individuals being potentially exposed.  While not the highest penalty, it is certainly up there.

You can read the whole press release HERE, as well as the settlement agreement HERE, which includes the corrective measures they must take.

For me, this is notable as Memorial Healthcare is one of the local hospital groups in my area.  Now, I have no connection with Memorial, I do NOT have any inside information on them.  All I know is what I have read in the above articles.

Friday, February 17, 2017

BSides Tampa 2017 report

This past weekend, February 11th, I was in Tampa for the 4th BSides Tampa Conference.  This is my second time attending, and second time presenting.

Overall it was a good conference.  There were some differences from last year, most positive.  They clearly need to move to a larger venue.  This year and last it was at the Stetson Law Center in Tampa.  This location has a nice facility, but is limited in parking, and there is no place to get lunch.  Last year they brought in KFC for everyone, this year was food trucks.  But there were only 2 and I didn't have the time to get lunch before I had to do my session.

Thursday, February 16, 2017

ISACA's State of Cyber Security 2017 Report

Recently ISACA released the result of a survey as their State of Cyber Security Report 2017, part 1.  You can download it at their website HERE.

Part 1 focuses on topics like "workforce challenges" and "persistent skills gap".  Like many other groups, ISACA continues to push the narrative of a skills gap, and of course their solution is to train more folks in cybersecurity, ideally with their new set of CSX training and certifications.

Thursday, February 9, 2017

Commentary on Cyber Resilience

At the upcoming HackMiami5 conference I will be speaking on "Cyber Resilience".  I have been looking at this term over the last several months.  As an infosec/cybersecurity professional, I wanted to better understand what this "cyber resilience" is and how it fits in.

Now, at my talk at HM2017 I will be going into several "models" for cyber resilience and other resources, and I will NOT be posting that information here on my blog until sometime later.  So this posting, which may be part of a series, is more my thoughts on what cyber resilience is.

Now, the more or less standard definition I hear for cyber resilience is "the ability to recover from attacks quicker and keep losses to a minimum."