CynergisTek’s TekBlog

UCLA Medical Center employee, Lawanda Jackson, is accused of inappropriately viewing medical records of 61 patients including Maria Shriver and Farrah Fawcett. Jackson had worked at the hospital for over thirty years before she quit following these accusations last June.

“I didn’t leak anything or anything like that,” said Jackson. “It wasn’t for money or anything. It was just looking.”

Though Jackson claims that she did not leak or sell any of the patients medical information, the incident has sparked several state investigations and could result in federal charges being brought upon Jackson.

In addition, Farrach Fawcett’s attorney’s are questioning whether Jackson leaked the news that Fawcett’s cancer had returned to the tabloids. Jackson refused to say whether or not she had spoken with the tabloids when interviewed by the LA Times, simply saying, “I’m scared to answer that…I don’t believe that I am the leak.”

This embarassing news comes shortly after the LA Times reported that 25 UCLA employees peeked into Britney Spears medical records after the singer was checked into the nueropsychiatiric unit in January.

This story is a prime example of how critical employee education truly is. Employees must realize that even if they consider their actions to be an innocent peek caused by curiousity, that they are breaking the law, setting the organization up for sanctions and themselves for possible criminal charges.

To read more about this sitiation, please visit the LA Times article here..

The University of Miami School of Medicine announced that back-up tapes were stolen from a contractor hired to store them. The tapes, which held health and financial information for approximately 2.1 million medical center patients, were stored in a “complex and proprietary format” that officials insist would be very difficult for theives to crack. However, they plan to notify 47,000 patients whose credit card data may have been included in the theft.

This is not the first data breach we have seen recently that was tied to a contractor an organization hired out. Do you really know if your contractor is a risk to your organizations security status? CynergisTek Surveyor can help you assess the security posture of your contractors and business partners. However, vendors and business partners should not be your only concern, we have also seen breach after breach caused be an organizations own employees. While some steal data maliciously, many others simply expose data by accident. It is crucial that employees are educated and taught safety measures and best practices to ensure they do not cause a breach. Another step that can decrease your likelihood of a data breach is installing a data loss prevention solution, such as CynergisTek’s SafetyNet.

For more information regarding Surveyor or any other CynergisTek services that can assist in preventing a data breach, please contact us..

This quiz was re-posted from PrivacyRights.org. Each question is a yes/no question, assign one point for each question you answer NO to.

1. It conducts a criminal or civil background check before hiring employees who will have access to personal identifying information and screens cleaning services, temp services, and contractors.

2. It provides cross-cut paper shredders at each workstation or cash register area for the disposal of credit card slips, sensitive data or prescription forms.

3. It “wipes” electronic files, destroys computer diskettes and CD-ROMs, and properly removes any data from computers before disposal.

4. Read more..>

What IT person hasn’t had real, justified concerns about the potential for folks on the internal network to shoot corporate information assets out the virtual front door through webmail, email, or various other protocols completely bypassing compliance requirements, NDAs, data classification labels, etc? In the users’ defense, it’s not always a malicious act. Sometimes in the normal course of doing their job folks get asked to provide something that they agree to send via electronic means that they shouldn’t send outside the environment for one reason or another and they just don’t know any better.

We’ve seen tools Read more...

To find out, take the quiz below, taken from SearchSecurity.com:

Quiz: Security awareness for end users

Studies show that a company’s biggest security threat is its own employees. The SANS Institute recommends that organizations should take time to educate their employees about computer security and periodically test employees to make sure they understand the basics.

How to take the quiz:
- After reading the question, click on the answer that you think is correct to go to the whatis.com definition. If the answer you’ve chosen is correct, you will see the question text or Read more..b

Metrolist has been recently recommended for REALTOR® Secure certification following a successful evaluation
by CynergisTek, Inc. This certification is awarded to organizations that employ industry best practices in information security, including measures designed to ensure secure online transactions, secure networks and disaster recovery.

To achieve certification, an organization must undergo a rigorous three step process which includes a security self-review, independent third-party evaluation and final approval by the National Association of REALTORS® (NAR) Center for REALTOR® Technology. Metrolist chose CynergisTek, an information security consulting company which has been approved by NAR as a REALTOR® Secure Third-Party Evaluator, to Read more...