Monday Morning New Kick Off: Data Breaches Persist in Healthcare, U.S. Hampered in Fighting Cyber Attacks and Much More

Welcome to the Monday Morning News Kick Off post from the ITAC blog. As always, we cull together the latest, greatest and most impactful headlines when it comes to identity theft, data breaches and cyber security. This week, we offer a diverse mix of stories about Red Flag, data breaches and healthcare, students being targeted as identity theft victims and much, much more. Hope you find this mixed bag of stories the right information you need to kick start your week.

FTC Delay of Identity Theft Rules A Reprieve For Businesses
The Federal Trade Commission has once again delayed enforcing new regulations that would require lawyers, accountants, and a sweeping number of other businesses to have procedures for detecting possible identity theft. The agency said it will not begin enforcing its so-called “red-flag rules” until December 31, six months after they were supposed to go into effect. The delay gives business owners and others some breathing room while the FTC sorts out exactly who would be covered by the rules. Read the full Portfolio article here.

Data Breaches Persist in Healthcare
In September 2009, the Obama administration’s Health Information Technology for Economic and Clinical Health (HITECH) Act went into effect, requiring hospitals and other health care organization to beef up client data protections. Despite this, a recent study found that health care data is still hemorrhaging from peer to peer networks. A peer-to-peer, commonly abbreviated to P2P, is any distributed network architecture composed of participants that make a portion of their resources (such as processing power, disk storage or network bandwidth) directly available to other network participants, without the need for central coordination instances (such as servers or stable hosts). Read the full CIO post here.

Community Hospital of San Bernardino Fined for Data Breach
For violations of patient confidentiality, the state Department of Public Health fined Community Hospital of San Bernardino $325,000. The hospital was assessed a $250,000 fine for unauthorized access of 204 patients’ medical information by one employee. A fine of $75,000 was added after the facility failed to prevent the unauthorized access of three patients’ medical information in a separate case. Diane E. Nitta, the hospital’s administrator, said the hospital has “enhanced staff education efforts around patient privacy (and) put in place expensive security measures that guard against inappropriate access to our patients’ records. Read the full article from The Sun here.

Government Pushing to Control Internet
For the past decade, the federal government has been moving to gain effective control over the internet. Now, thanks to legislation just crafted by Sen. Joseph Lieberman of Connecticut, the government may finally realize its goal of being able to control virtually all aspects of the vast internet, including private internet systems. The decade-long process began in earnest in 2001, when the Bush Administration secured passage of legislation giving it jurisdiction to prosecute computer hackers anywhere in the world if the packets of information traveled through a U.S. computer or router and affected a “federal interest computer.” Read the full AJC post here.

U.S. Hampered in Fighting Cyber Attacks, Report Says
The U.S. government’s ability to counter cyber attacks against its nonmilitary computer systems is largely ineffective, according to a report from an internal watchdog released last week. The Homeland Security Department branch that monitors cyber attacks can’t force other agencies to protect their systems, is woefully understaffed and its ability to manage responses to cyber attacks has been hindered by constant turnover, said the department’s inspector general. The department’s U.S. Computer Emergency Readiness Team, known as US-CERT, also withheld data from other federal agencies that could have helped them address security breaches, the report found. Read the full WSJ post here.

Wanted: Young Cyber Experts to Defend Internet
Nationwide campaigns to steer youthful techies into careers defending the Internet are gaining steam. The federal government, education officials and giant military contractors are collaborating to recruit a new class of tech professional specifically trained to battle data thieves, online scammers and cyberspies. The recruitment tool of choice: competitions that pit tech-savvy youths in mock warfare against professional hackers. This year, the Collegiate Cyber Defense Competition drew teams from 83 colleges and universities, up from five schools in 2005. Boeing hired seven contestants to help defend its internal networks, which are prime targets for corporate and military spies. Read the full USA Today post here.

The Unreadiness Team
THE REPORT is chilling. Optimistically titled “U.S. Computer Emergency Readiness Team Makes Progress in Securing Cyberspace, but Challenges Remain,” it paints a disturbing picture of a national security disaster waiting to happen. The U.S. Computer Emergency Readiness Team, or CERT, established in 2003 to coordinate national cyber-defense efforts, is an arm of the Department of Homeland Security (DHS) tasked with “analyzing and reducing cyber threats and vulnerabilities, disseminating cyber threat warning information, and coordinating cyber incident response activities.” But this vast responsibility has come with little and confusing authority. Read the full Washington Post Op-Ed here.