-
Long-awaited HIPAA Omnibus Rule is Unveiled
Andrew Hicks, Managing Principal, Coalfire
On January 17, 2013, the Department of Health and Human Services (HHS) released the long-awaited HIPAA Omnibus Rule, which modifies the HIPAA privacy, security, and enforcement rules. The rule will be published in the Federal Register on January 25, 2013 and takes effect on March 26, 2013. Covered entities and business associates have until September 23, 2013 to comply with the new requirements.
-
FedRAMP PMO - FedRAMP Process and Developing SSP webinar Q&A
Tom McAndrew, Chief Executive Officer, Coalfire
The FedRAMP program continues to gain momentum, and GSA and the FedRAMP PMO conduct excellent interactive webinars that can be attended live or watched later. There is much to learn from GSA about how to navigate the FedRAMP process according to its requirements.
-
South Carolina Data Breach Survey Results on Residents' Attitudes
Rick Dakin, CEO, Co-founder and Chief Security Strategist
Coalfire recently conducted a survey of South Carolina residents who were victims of the recent data breach at the Department of Revenue. The breach affected residents of the State who had filed their taxes online, exposing 3.8 million taxpayer Social Security numbers and nearly 400,000 credit and debit card numbers.
-
The PCI SAQ P2PE-HW: Patience, POIs and PIMs
Dan Fritsche, Principal, Retail and Financial Services
The new PCI SAQ P2PE-HW (Point-to-Point Encryption Self-Assessment Questionnaire) was released in July 2012, and many merchants are excited about the prospect of a shorter, less arduous compliance validation effort. After all, it is significantly shorter than the SAQ D: instead of 12 sections there are 4, and 284 controls are reduced to 19.
-
What's Next in Retail IT? The Convergence of Mobile, P2PE and the Cloud
Rick Dakin, CEO, Co-founder and Chief Security Strategist
Greetings from the Javits Center in New York City, the site of the National Retail Federation’s Big Show. This year, the theme of NRF is “Next”.
When it comes to retail technology, and in particular security and compliance, the most talked-about “next” things are:
-
Small Breach, Big Settlement
Andrew Hicks, Managing Principal, Coalfire
Earlier this week the Department of Health and Human Services (HHS) announced the first-ever breach settlement in a case where fewer than 500 patient records were compromised. The $50,000 settlement resulted from 441 patient records being stored on an unencrypted laptop that was stolen from the Hospice of North Idaho (HONI).
-
P2PE Hybrid, the next best thing since the Prius
Dan Fritsche, Principal, Retail and Financial Services
P2PE promises many things, the most coveted being scope reduction for the merchant and a shift of the compliance burden from the merchant to the service provider. A properly implemented P2PE solution can indeed reduce a merchant's risk of compromise as well as the scope of what must be done to maintain compliance with the PCI DSS.