Archive for August, 2016

Hillary Clinton email controversy and best practices for protecting data in your company

August 4th, 2016

According to new reports, U.S. Attorney General Loretta Lynch said that the Department of Justice is closing its case regarding Clinton. Clinton had used a personal email account to conduct government business instead of an official U.S. government email account.

Hillary received explicit warnings from the State Department’s cybersecurity team to stop using personal email. She had a private domain hosted on a private server placed in her home. This controversy can help us understand best practices for handling data.

According to Comey, Clinton and her colleagues were “sloppy,” “negligent,” and “extremely careless” in handling classified information passing through her private server.

“Participants who know or should know that information is classified are still obligated to protect it,” said Comey at his press conference. He mentioned that everyone must be well trained and accountable for the information they handle, receive, read and are exposed to. Proper training and sound implementation avoid security incidents.

“We [at the FBI] assess that it is possible that hostile actors gained access to Secretary Clinton’s personal email account,” said Comey at his press conference.

Many of Clinton’s emails contained sensitive foreign intelligence data, which could be compromised. Clinton’s server had earlier been hacked, in 2013.

“There are only two kinds of organizations,” MIT engineering and IT professor Stuart Madnick, who also serves as Director of the Interdisciplinary Consortium for Improving Critical Infrastructure Cybersecurity, has said at numerous symposiums and conferences at MIT over the past couple of years. “Those that have been hacked and those that don’t yet know they have been hacked.”

“‘Prevention, prevention, prevention, that’s all I’m focused on,’ is gonna be doomed to failure,” said Chertoff in his keynote address at the Advanced Cyber Security Center’s 2014 annual conference. “You’re not gonna eliminate the risk of cyber attacks; this is about managing the risk.”

House Democrats tried to defend Clinton during the hearing, saying she may not have noticed or may not have understood the “tiny, little” markings of “(C)” next to some paragraphs in her emails. The marking is used for classified files.

“It’s possible that she didn’t understand what a ‘(C)’ meant when she saw it in the body of an email like that,” testified Comey, who further indicated that before his investigation, he likely would have automatically assumed that a State Department official would know what the ‘(C)’ meant. “[It’s] not that she would have no idea what a classified marking would be, [but] it’s an interesting question whether she … was actually sophisticated enough to understand what [‘(C)’] means.”

In your company, make sure that employees read, understand and acknowledge the policies, and that they receive effective training on handling day-to-day data and its classification so that they treat it accordingly.

 ___________________________________________________________________________________

Alertsec is used by organizations that have recognized the need to protect their information. Over 4 million users worldwide use Alertsec Check Point Full Disk Encryption.

Hacking causes EHR breach

August 2nd, 2016

According to a notice on its website, Athens Orthopedic Clinic in Georgia said that it has experienced a potential EHR breach after a healthcare cybersecurity incident. The facility said that an external entity had launched a cyberattack on its EHR system using a third-party vendor’s credentials.

Affected information included names, addresses, Social Security numbers, dates of birth, telephone numbers, and, in some cases, diagnoses and partial medical histories. The facility did not mention the number of individuals affected.

Many have previously pointed to the need to strengthen healthcare systems.

“You rarely hear healthcare as the focus of the cyber-security industry,” Ralph Echemendia, CEO of cyber-security consulting firm Red-e Digital, says. “With the Sony hack, an entire corporation was taken completely down. Nobody could go to work. If you do that to a hospital, people die.”

Cybersecurity experts were hired to investigate the attack and assess the facility’s systems. The cybersecurity firm’s recommendations are being implemented to improve healthcare data security.

“We are in the process of notifying the affected patients, and deeply regret any stress this may cause our patients,” Kayo Elliott, CEO of Athens Orthopedic Clinic, told OnlineAthens.com.

“Rest assured that we are taking all necessary measures to ensure that any resulting damage is limited to the extent possible and working to retain your trust in our practice. We advise that our patients contact credit reporting agencies to create a fraud alert as soon as possible; we have posted a statement on our website that includes credit reporting agency contact information.”

According to the website:

Athens Orthopedic Clinic has been providing comprehensive orthopedic care to Athens and surrounding communities since 1966. AOC is a healthcare facility with a long-standing tradition of excellence and service. As a total orthopedic care center, our physicians specialize in orthopedic surgery and handle the diagnosis and treatment of diseases and injuries of the bones, muscles, tendons, nerves and ligaments in both adults and children.

____________________________________________________________________________________________

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption software.