Cloud Security: Pulling Back the Curtain
by Carbon Black, Inc.

Cloud service providers are gaining many small and mid-sized business clients because of the inherent convenience of their services. Such customers generally lack the staff to create and maintain a secure data infrastructure, which is a selling point of Cloud services. Most small companies assume that the Amazons, Apples and Googles of the world have better protections in place for their customers’ data than the customer could ever have alone. While this might be true, let’s investigate the reality first.

The 2011 Verizon Data Breach Report indicates that 83% of all victims surveyed were felled by opportunistic attacks. These victims had publicly vulnerable computers accessible to the internet, fell victim to a mass phishing or drive-by-download attack, or had services with weak or default passwords. The remaining 17% were targeted. These victims possessed enough valuable data that it was worth finding a unique vulnerability in order to gain access to said data. Whether the vulnerability was human- or technology-based, uncovering it took significantly more time, money and energy, so the reward had to justify the cost.

Which category does your company fall into? If you don’t have an IT staff, or one that keeps abreast of the latest cyber threats, and you don’t have a lot of readily monetizable data, you probably fall into the opportunistic category. Hiring a Managed Security Service Provider to keep watch over your IT and data is probably a good idea. However, if you possess lots of PCI, PII, PHI, or intellectual property, your company falls into the targeted category and should be investing a considerable amount of money and human resources in security.

The vast majority of companies are somewhere between these two points. They are able to do basic security, but what they are protecting is not so valuable that legions of hackers are trying to break in. It’s these companies that should spend the most time assessing the additional risks of using cloud services.

A recent IEEE article found that “the majority of the cloud service providers felt that security wasn’t really their domain but that of their customers.” That’s not to say they aren’t providing any security at all, just that it’s not their focus. When you look at the fierce competition in this space, can you blame them? What’s worse, even the National Institute for Standards and Technology (NIST) doesn’t think cloud providers should be responsible for securing the data they possess. In fact, their definition of “cloud” seems to be in stark contrast to security. They use words like “convenient”, “on-demand”, “shared”, and “minimal management effort”
