INSIGHTS
Valuable insights and thought leadership.
- All
- Breadcrumb News
- In The News
- Insights
Uber discloses a 2016 data breach affecting 57M users, after concealing it for a year
On Tuesday, November 21, Uber officially disclosed a massive data breach that affected 57 million users of the ride-hailing app. The breach originally occurred in October of 2016 with Uber working to conceal it for over a year after paying a $100,000 ransom.
Discovery of the company’s cover-up of the incident resulted in the firing of two employees who led Uber’s response to the hack, said Dara Khosrowshahi, who was named CEO in August following the departure of founder Travis Kalanick.
Khosrowshahi said he had only recently learned of the breach, which happened in October 2016. He said Uber had begun notifying regulators. The New York attorney general has opened an investigation into the data breach, a spokeswoman said.
Protecting your data while shopping online this holiday season.
It is that time of year once again – the holiday season. With it comes family gatherings, celebrating traditions, and of course, holiday shopping. You’re likely to put together a game plan when it comes to budgeting, where and when to find the best deals, and what to get everyone on your list. But, if you are one of the estimated 59% of Americans that plans to do your shopping online, it’s important to put together a plan for protecting your data, and your money, this holiday shopping season.
Over 50% of Small Businesses Have Been Cyberattack Victims… And Many Didn’t Even Know.
Does your favorite yoga studio or local ice cream shop have a cybersecurity risk management plan? If not, they may be putting their sensitive data- or yours- at risk of cybertheft.
According to new research from insurance firm Nationwide, a significant percentage of small businesses may not know they have been a cyberattack victim due to a lack of understanding as to what constitutes a cyberattack.
Nationwide’s annual survey of business owners found that 13 percent said they experienced a cyberattack.
However, that number jumped to 58 percent of owners who identified as victims when shown a list of specific examples of attacks, including phishing, viruses and ransomware – revealing a 45 percent gap in lack of understanding about what constitutes an actual attack.
Creating a Culture of Security: Review
Creating a culture of security, as you’ve likely gathered, is not a static process. The key to staying ahead of cybercriminals is consistent review and updates. A common mistake organizations make with their security awareness program is failing to plan long term. Often times, they get caught up in the initial roll-out of their training, but forget to plan on updating their program periodically. New types of attacks are consistently generated, so it is important that senior management and the IT department work together to stay ahead of the hackers. The key to maintaining a strong security posture is consistent review and updates.
The California Cybersecurity Initiative: Privacy is the New Currency
On Tuesday, October 10, Breadcrumb Cybersecurity – formerly IT Strategy, Inc. – presented The California Cybersecurity Initiative: Privacy is the New Currency. The inaugural event, hosted at McCormick Barstow, LLP, highlighted the financial and reputational risks associated with today’s cyber threats, as well as the economic advantage to protecting the privacy of patients, customers, and sensitive corporate data.
MACRA, MIPS, and the Security Risk Assessment: What you need to know.
If you are a healthcare provider that accepts Medicare, then you have likely seen and heard the acronyms MACRA, MIPS, and EHR hundreds of times in 2017.
You may have chosen to attest to MIPS for the entire calendar year, or perhaps you are gearing up to begin reporting in the final 90 days of 2017. You also may have chosen to begin reporting in 2018. Whichever path you have selected, are you aware that before medical practices participate in MIPS they must prove that patient health information contained in EHR and elsewhere in their practice is protected by performing a security risk assessment (SRA)?