We began our discussion with the recent hack of Medicaid that occurred right in our own backyard, Utah. Getting hacked is never a good thing, and I asked Raj what he thought the fallout from the hack might be. According to Raj, in the short term Medicaid can expect to pay penalties and fines; the clincher is that in the long term we can expect our state taxes to increase.
Raj points out that it is not uncommon to see large organizations hacked; however, the government has made progress by mandating and implementing better compliance regulations, making it more difficult for hackers to target larger organizations. What Raj found interesting is a recent case involving a Phoenix cardiology group, consisting of two cardiologists, who agreed to pay a one hundred thousand dollar ($100,000.00) fine for using cloud computing in their medical practice. It turns out the doctors were using a web-based calendaring and scheduling system, and neither cardiologist had done any due diligence on their vendors to verify that the technology complied with the HIPAA privacy and security rules.
Now the attention of hackers is turning to the smaller medical practices and smaller accounting firms, those who need to be HIPAA, PCI, or GLBA compliant. Many of these businesses are not compliant and are trading short-term savings for long-term liabilities. In addition, business owners fail to understand the loss of customer value when an incident occurs. It will become more and more expensive for businesses not to meet the standard of practice than to ensure they are in compliance.
It all boils down to implementing good security practices. If a breach occurs and you can show that you were following accepted best practices, it greatly increases your odds of avoiding devastating penalties, fines, and loss of customer trust.
Take the time to understand what the law requires of you. The following link provides a PDF created by Raj presenting a number of great case studies in failure. The information will definitely make you think about whose Internet it is anyway, and who has your back when it comes to your personal information.
Criminal hackers are now targeting the low-hanging fruit: small professional businesses, home offices, and the individual end user. Beyond the information stored on your computer, what they steal is its processing power and bandwidth, along with the ability to command it as a zombie PC and combine it with thousands of other compromised computers (a botnet) to attack other businesses, websites (denial of service, DoS, or distributed denial of service, DDoS, when the whole botnet is used), competitors, large corporations, government, infrastructure, and so on, all because too few people understand or implement safe digital practices.
"The ‘I am too small’ mentality doesn’t hold water any longer," said Raj. The law does not require perfection, but it does require you to follow best practices for the business you are in and to reduce your risk footprint.
We switched gears and addressed the recent incident of Kimberly Hester being fired for refusing to give her employer her Facebook password. Raj’s take was that an employer would have to be insanely stupid to follow that thinking. You can listen to additional comments on this discussion at time stamp 00:26:26.
I asked Raj what he thought about our digital footprints becoming more like full-body imprints, like the snow angels we made as kids. How is all this abundance of information influencing law enforcement practices here in the US? (Time stamp 00:28:59.) Raj’s response took us back to how some of today’s profitable businesses got their start as aggregators, collecting massive amounts of personal information and selling it to the US government. It will surprise you how much personal information about US citizens has been collected and sold to the US government since the 1940s.
Here is something for everyone to think about: what are your thoughts on the iPad dictation function sending your speech to Apple’s servers, or on HDTVs capable of watching you watch TV? How about Samsung and other manufacturers building in cameras and microphones that are always on and capable of watching the viewers? Television, radio, and cars are next.
There is a great deal more for you to listen to, so download the interview. There is always good, solid, usable information to be mindful of and to implement.
Your CyberHood Watch Partner,
david c ballard