Data Breaches and Compliance

Data security and breach regulations are constantly evolving. Last month, the Federal Trade Commission (FTC) announced a notice of proposed rulemaking to “strengthen and modernize” the existing Health Breach Notification Rule (HBNR) from 2009 (the HBNR is part of the HITECH Act, enacted to promote the adoption and meaningful use of health information technology). In addition to updating several definitions of terms, the main goal of the proposal is to expand breach notification practices to keep pace with ever-changing business and technological developments.

Although the need to protect unsecured electronic data via solutions like encryption, as originally specified by the Department of Health and Human Services (HHS), remains an absolute necessity, the FTC has since seen the need to broaden its interpretation of the HBNR. These days, a data breach need not be an external hack; it may also be, for example, a health app disclosing personal information without the user's authorization.

As a result, the FTC will require more thorough notifications from breached entities, including information about potential harm that affected persons should be aware of. 

Healthcare, of course, is not the only sector that needs to keep abreast of sophisticated cybercrime. Security incidents in retail have been on the rise this year as well. In January, JD Sports announced that hackers had accessed the order information of 10 million customers, with WH Smith sharing similar news in March (though the number was unspecified).

With its mass of payment card and personal data, retail has always been a highly attractive target for bad actors. According to Verizon's 2022 data breach report, phishing, ransomware and credential stuffing remain the primary attack vectors through which retail data security is compromised. These attacks only become more lucrative for cyber criminals as retailers adopt more data collection practices and technologies to keep a competitive edge. As is often the case, keeping up with the times is a business necessity that nevertheless invites clever crooks to exploit overlooked gaps.

In order to safely maintain a competitive edge, organizations can deploy NetLib Security’s powerful Encryptionizer solution to protect sensitive data right out of the box. Encryptionizer simplifies your security needs with no additional programming required and virtually no effect on performance. For organizations that need to adhere to industry compliance standards, whether GDPR or FIPS 140-2, Encryptionizer can provide the needed shield for your data. For healthcare firms seeking encryption software to protect their patients’ personal health information (PHI) and electronic health records (EHR), while remaining compliant with regulations like HIPAA/HITECH, Encryptionizer is there to safeguard your organization, patients, and peace of mind.


By: Jonathan Weicher, post on June 6, 2023
Originally published at: https://www.netlibsecurity.com
Copyright: NetLib Security