Archive for September, 2010
PCI DSS the Brain
Ipswitch’s Jonathan Lampe will be attending this week’s PCI Security Standards Council Community Meeting in Orlando, FL. He’ll be blogging from the event to keep us updated on discussions about the new PCI DSS 2.0 and other key Council initiatives.
As part of their ongoing mission, the PCI Security Standards Council enhances and evolves the PCI Data Security Standards as needed to ensure that the standard includes any new or modified requirements necessary to mitigate emerging payment security risks, while continuing to foster wide-scale adoption. We anticipate some very interesting forum conversations to review and discuss how the PCI DSS should evolve with this next release.
In the meantime, thought you’d want to watch this great video from the PCI Security Standards Council website. BTW, the bearded singer is Bob Russo, the PCI Council’s General Manager. Great job with the video, Bob!
Two months ago we posted about the massive data breach at South Shore Hospital in Weymouth, Massachusetts, “800,000 Reasons Why MFT is Important”.
Well, the drama and the headaches continue.
What originally happened was that computer files containing personal information of about 800,000 people (names, addresses, phone numbers, dates of birth, Social Security numbers, driver’s license numbers, medical record numbers, patient numbers, health plan information, dates of service, diagnoses, and treatments relating to hospital and home health care visits) had been misplaced, possibly lost or maybe even stolen.
Aspirin worthy.
On September 8th, 2010, Wickedlocal.com reported that “South Shore Hospital initially informed the Attorney General’s Office and the public that it would send individual written notice of the data breach to each affected consumer.”
Aspirin worthy, but the legal and responsible thing to do…that is until a brilliant idea occurred:
“However, South Shore Hospital has informed the Attorney General’s Office that it does not plan to send individual written notice to affected consumers. Instead, South Shore Hospital has chosen to invoke a provision under state law to notify consumers through the ‘substitute notice’ process, which means rather than receiving individual letters at their homes, consumers who are affected by the breach will be generally notified of the data loss through a posting on South Shore Hospital’s website, publication in newspapers throughout the Commonwealth, and by e-mail for those consumers for whom South Shore Hospital has e-mail addresses.”
So the move here is that to notify the people whose data they lost, they’ll put that information in a place where everyone can see it. Isn’t that counter-intuitive?
In a related story on Healthdatamanagement.com, Joseph Goedert reports that:
“Massachusetts Attorney General Martha Coakley ‘has objected to South Shore Hospital’s revised notification plans and maintains that affected consumers should receive individual notification as originally represented by South Shore Hospital in its prior public announcements concerning the data loss,’ according to a statement from her office.”
What are your thoughts on how South Shore Hospital is handling this? Am I the only one reaching for the Anacin?
Here’s a nice write-up of one of our newest customers, Salary.com
Every once in a while we like to showcase an exciting new customer and share some of the reasons why they chose to deploy an Ipswitch File Transfer solution to solve their business problems.
Quick background on the business need:
Salary.com exchanges data with thousands of customers and partners daily worldwide.
They sought a flexible, highly available solution that could simplify business operations and meet compliance regulations including SOX, PCI DSS, HIPAA and other state laws around employee privacy.
Security & compliance requirements were driving factors:
“It’s an imperative that our file transfer services maintain our rigorous requirements for keeping our clients’ critical business data secure,” said John Desharnais, managing director of technical operations at Salary.com.
And here’s some insight into their purchase decision:
“Salary.com reviewed several solutions, but selected Ipswitch’s MOVEit suite because of its comprehensive approach to managed file transfer, ability to provide an end-to-end audit trail and granular controls that monitor how files are moved, accessed, and used.”
“Ipswitch’s MOVEit solution is easy to use and ensures that we have complete visibility into all file transfer activity on our network.”
Salary.com, welcome to the Ipswitch family and we look forward to a loooong relationship together. As your business needs continue to grow and evolve, Ipswitch will be a trusted partner that will continue to bring innovative solutions to market.
We’ve been blogging a lot lately about how organizations must provide their employees with a safe and convenient way to quickly send files to other people.
How many of you actually provide your employees with a simple tool for securely sharing large, confidential and business-critical files? Policy creation and enforcement is not enough…. And if the process hampers worker productivity, employees will be forced to rely on risky alternatives including personal email and remote devices.
But how do you actually accomplish that? And what else should you consider???
Please join tomorrow’s live webinar where Ipswitch’s Frank Kenney and HANDD’s Mark Allen will discuss how to keep data secure while enabling employee productivity and delivering organizational visibility, management, auditability, policy creation and enforcement controls.
Webinar details:
- Speakers: L. Frank Kenney, VP of Global Strategy at Ipswitch and Mark Allen, Managed File Transfer Consultant at HANDD
- Date: Wednesday, September 8th, 2010
- Time: 9:00am ET / 14:00 Western European Summer Time
Go ahead, sign up for the webinar now…. You know you want to!




