Organizations that have experienced a breach report that three lessons they learned were to limit the amount of personal information collected, limit sharing data with third parties and limit the amount of data stored, a new survey shows.
What are the critical steps that IT security professionals should take in the aftermath of a breach? CEO Micky Tripathi of The Massachusetts eHealth Collaborative offers eight practical lessons based on his breach resolution experience.
A breach is a disaster, says business continuity specialist Ken Schroeder. So organizing an effective breach-response team does not require a reinvention of the wheel. What it does require is a holistic approach.
Save Mart, the Modesto, Calif.-based grocery chain, now confirms that skimming devices are to blame for the data breach believed to have exposed hundreds of consumer accounts to debit and credit card fraud.
Edward DeMarco Jr. of the Risk Management Association understands the regulatory challenges financial institutions will face in 2012. But to overcome those hurdles, improved communication is needed across the enterprise.
As legal issues surrounding data breaches become increasingly complex, more organizations are turning to attorneys for post-breach response, says Lisa Sotto, a managing partner for New York-based law firm Hunton & Williams.
Healthcare organizations should carefully document all necessary breach investigation and notification actions and responsibilities to avoid chaos when an incident occurs, says Dawn Morgenstern, privacy official at the Walgreens national drugstore chain.
Servers at Virginia Commonwealth University were recently hacked, potentially exposing Social Security numbers for more than 176,000 faculty, staff, students and affiliates at the university and the VCU Health System.
One reason why so many healthcare organizations are not well-prepared to counter security threats is that "key leadership has not bought into the whole process," says Bob Krenek of ExperianÂ® Data Breach Resolution.
Penetration tests that demonstrate how an unauthorized user could gain access to patient information can be effective in winning support for a bigger information security budget, says David Kennedy of Diebold, Incorporated.