
Disclosure Rocks! Go HITECH

March 4, 2011


So many great titles for this post. Thanks to a tweet from @anton_chuvakin, I found this "list of breaches of unsecured protected health information affecting 500 or more individuals." This disclosure data is fantastic for evidence-based risk assessments. Couple this with some real assessment data in your organization and you have a powerful decision framework for your leadership.

To me, this data screams out the need to mature and measure your effectiveness protecting data at rest before investing in other control areas. Just as the Verizon and other breach reports demonstrate, resist chasing the trendy threats (APTs) until you address the basics.

For blog eye candy, here's a table and some pie of the counts. NOTE: I changed some of the "Types" for grouping. Do not use this graph without studying the data. Better yet, produce your own; it only takes a couple of minutes in Excel.

Counts by Type (modified for presentation)

Type | Count | Share
Phishing Scam | 660 | 0.02%
Improper Disposal | 9,012 | 0.2%
Incorrect Mailing | 83,000 | 2%
Loss (lost, theft) | 150,064 | 4%
Other (mostly paper, some PED) | 448,686 | 12%
Hacking/IT Incident | 114,520 | 3%

Also in the healthcare world, thanks to Securosis for pointing out this gem: $4.3M HIPAA fine. Note the angle for the fine, but it can be useful for the greater good.
