Posts Tagged ‘lawsuit’


ELECTRONIC MEDICAL RECORD SECURITY – HUGE CARROT, HUGE STICK

Wednesday, March 3rd, 2010

Hospitals, doctors, and insurance companies face intense pressure to digitize medical information and health histories. This pressure comprises both a very big stick and a very big carrot.

The stick comes in the form of proliferating state and Federal laws mandating the safekeeping of electronic medical records (EMR). Last year, the hospital that treated the mother and babies in the famous “Octomom” case was unable to prevent unauthorized access to their medical records by the hospital’s own employees. California regulators fined the Kaiser Permanente hospital in Bellflower a total of $437,500 for failure to prevent just two instances of unauthorized access. Other prominent institutions, such as UCLA Medical Center, have suffered newsworthy failures to protect EMR information in the cases of Farrah Fawcett, Britney Spears, Maria Shriver, and others. In addition to the financial damage such failures incur, hospitals are deeply concerned about the effects of adverse publicity on their reputation and about incurring big expenses in related legal actions.

The carrot comes in the form of a huge Federal earmark for $19 billion in stimulus money to incent the development and implementation of electronic medical records (EMR) technology.

InterComputer is working within the health care industry to address two major market requirements:

1. The need to control access to EMR in compliance with applicable Federal and state laws
2. The need to securely communicate and exchange documents among hospitals, doctors, and insurance companies

The InterComputer InterOperating System (IOS) is fully compatible with all major EMR solutions and applications and fully insured against loss due to cybercrime of any kind within the system. Its advanced user identity, authority delegation management, and secure messaging technologies can absolutely prevent the kind of incidents that have proved so costly to Kaiser’s bottom line. IOS also delivers automated compliance with both HIPAA and SarbOx regulatory requirements.



COURT ALLOWS LAWSUIT AGAINST BANK FOR ON-LINE THEFT

Monday, February 8th, 2010

The issue of who pays when a customer’s on-line access to bank accounts is compromised has been simmering ever since on-line banking began. Banks have, understandably, been exceedingly reluctant to accept liability when a customer’s electronic banking identity and password are compromised and money disappears from their accounts. Financial institutions have spent heavily to prevent the establishment of any precedent that would result in banks being on the hook for cybercrime losses. Until now, no court in the U.S. has actually found any financial institution liable in such a case.

However, a recent Computerworld Security article (http://www.computerworld.com/s/article/9137451/Court_allows_suit_against_bank_for_lax_security) reports a decision by an Illinois District Court to allow such a lawsuit against Citizens Financial Bank to proceed to trial. You can see another view of this case at darkreading.com (http://www.darkreading.com/database_security/security/attacks/showArticle.jhtml?articleID=220100950).

This incident is a good example of how angry cybercrime victims are and how nervous banks are. In this case, someone acquired the customer’s account name and password and used them to steal $26,000 from the customer’s home equity line of credit.  Unless a pre-trial settlement is reached, the bank will obviously spend many times that amount to defend itself in court and avoid setting a costly precedent.

The victims in this case are not alleging that the bank violated its cyber security policies, or even that the bank was the source of the name/password leak. They are alleging that the bank was negligent for not providing stronger protection against cybercrime. Specifically, the victims assert that the bank should have offered “two-factor authentication”, which relies not only on what the user knows (ID and password) but also on what the user has (a security token).

Unfortunately, even two-factor security is no longer any guarantee that on-line access to bank accounts is secure, as reported in this ZD-Net article (http://blogs.zdnet.com/security/?p=4402).

InterComputer’s solution utilizes three-factor authentication (plus an “out of band” protocol) as just one part of one of the seven layers of protection built into every application. Nevertheless, the true value of InterComputer’s profound technological superiority to current industry practices is that it is insurable. Underwritten insurance against financial loss, lost business, and third-party liability from cybercrime will allow bank information security officers (and their customers) to sleep well at night.

If you were the bank’s chief security officer, which solution would you choose: one that promised tough security only, or one that delivered cutting-edge, patent-pending security along with an insured guarantee?