Healthcare Data Breaches
Total Number Reported: 1170
Latest Incident
Nisar A. Quraishi, M.D.
State: NY
# of Records: 20,000
Type of Breach: Theft
See more at

Featured Articles
Planning for DR in the Cloud? The Questions to Ask Yourself and Providers

The Anthem Breach: Impacts

The Top 3 Cloud Risks Facing CFO's Today

Cyber Risk News
Sony hack serves as wake-up call, boosts interest in cyber security protocol

Silk Road paid thousands in shake-downs from malicious hackers

Hackers Steal $1 Billion in Massive, Worldwide Breach

Data breach lawsuits combined

St. Peter's Health Partners warns of possible data breach

Data Protection News
CareFirst breach demonstrates how assumptions hurt healthcare

Is there really a correlation between effective risk management and profit margin growth?

Agile security lessons from Aetna and the state of Texas

Seven best practices for cloud security

Attackers use email spam to infect point-of-sale terminals with new malware

Will Facebook's IPO Cybersecurity Disclosures Set the Tone Under SEC's New Guidance?
by Robert A. Oestreicher, Baker Hostetler

Facebook filed its long-awaited Form S-1 with the SEC on February 1. Given the nature of its business, concerns regarding data privacy were peppered throughout the filing. While other business risk factors may be paramount (e.g., reliance on Zynga, slowing growth, etc.), data privacy has been and will continue to be an important issue for Facebook.

For instance, in November 2011 Facebook settled a case with the FTC in which it agreed to subject itself to bi-annual privacy audits for the next 20 years. Using this example, the filing states that Facebook expects to continue to be subject to similar regulatory investigations regarding privacy going forward.

The filing also cites new and changing laws and regulations regarding data privacy, both U.S. and foreign, as potentially having the following negative consequences on Facebook’s core business:

“[Such laws and regulations] can be costly to comply with and can delay or impede the development of new products, result in negative publicity, increase our operating costs, require significant management time and attention, and subject us to claims or other remedies, including fines or demands that we modify or cease existing business practices.”

Considering the risks presented by continued pressure on the data privacy front, Facebook says it is not taking any chances, putting in place “a dedicated team of privacy professionals who are involved in new product and feature development from design through launch; ongoing review and monitoring of the way data is handled by existing features and apps; and rigorous data security practices.”

Facebook’s cybersecurity disclosure represents a fairly sophisticated example of a disclosure prepared subsequent to the fairly recent guidance released by the SEC on this topic. Facebook’s disclosure here could be seen as a blueprint for other companies going forward.

By contrast, VeriSign is facing scrutiny for waiting until September 2011 to disclose successful attacks against its corporate network that occurred in 2010. VeriSign’s 2011 disclosure contained little information about the nature of the attacks, the type of data that was taken, and the remedial measures that were taken. VeriSign did insist that its SSL business had not been compromised.

To continue reading you must login.