Archive for April 2010


NEW FEDERAL LAW EXPANDS HEALTH INFORMATION SECURITY REQUIREMENTS

Thursday, April 29th, 2010

The American Recovery and Reinvestment Act of 2009 (ARRA) expands the privacy protections for health information under the Health Insurance Portability and Accountability Act of 1996 (HIPAA).

On April 17, 2010, the Department of Health and Human Services (HHS) released guidance on technologies and methodologies for securing legally protected health information (PHI), which takes effect immediately.

Until now, HIPAA’s privacy and security requirements applied only to health care providers, health insurance plans and health care clearinghouses. Now those requirements (and the penalties for non-compliance) also apply directly to third-party administrators and other vendors.

The act significantly increases civil penalties for violations. Maximum penalties are $10,000 per violation, with a cap of $250,000 for multiple violations during the calendar year. The penalties apply to all violations after the date of enactment. Health and Human Services will periodically audit covered entities and will investigate covered entities upon receiving a complaint.

Effective immediately, state attorneys general can bring civil actions in federal court against covered entities seeking injunctions against violations and can sue for damages on behalf of state residents.

InterComputer’s Trusted Health Information solution prevents the compromise of electronic identities and communications between health care providers, insurance companies, other vendors, and patients, and insure against losses and regulatory penalties from cybercrime of any kind.

medical_01

Tags: , , , ,
Posted in Computer Crime, Electronic Medical Records | No Comments »


CYBERTHIEVES HIT MISSOURI DENTAL PRACTICE FOR $200K

Thursday, April 1st, 2010

steve-martin-dentist

Yes, this IS going to hurt a bit.

On March 22, cyberthieves penetrated a computer at the Smile Zone dental practice in Springfield, MO, and transferred over $200,000 from the practice’s bank account in 11 different transfers.

The investigation is ongoing, but it appears likely the thieves used an application of ZeuS, Zbot, or SpyEye crimeware to hijack the computer and instigate the wire transfers. “Money mules”, people who knowingly or unknowingly serve as relay stations for money transfers, were also involved in this crime.

Banks reliably deny any liability when their customers’ online banking credentials are stolen or compromised. Unlike consumers, who enjoy legal limitations on cybercrime losses, businesses can only try to reverse the illegal transfers and hope for the best. If the illegal transfers are not undone within the first 24 hours, the likelihood of recovering the stolen money falls dramatically.

In this particular case, the bank only required a user name and password to conduct online banking transactions. That information was, apparently, easily hijacked by the thieves, who then posed as the dental practice and wired the money out.

InterComputer’s Trusted Banking solution is designed expressly to prevent the compromise of electronic identities and communications between banks and their clients, and insure against losses from cybercrime of any kind.

Tags: ,
Posted in Banking Industry, Computer Crime | No Comments »