Hospice of North Idaho Faces Record $50K Fine After Small Data Breach

07 January 2013 Infosecurity www.infosecurity-magazine.com

The Hospice of North Idaho has been slapped with a large fine for a relatively small data breach: the loss of a laptop with unencrypted personal information on 441 patients has resulted in a fine of $50,000 for the non-profit. The laptop was stolen out of a hospice worker's car, and the thief was later arrested. The laptop was not recovered, but the Hospice said that there is no evidence of identity theft or other ramifications from the breach. The US Department of Health and Human Services (HHS) has fined the center for the lack of encryption on the data, which violates the Health Insurance Portability and Accountability Act (HIPAA).

The fine is the largest to date for a breach of under 500 records. "This action sends a strong message to the health care industry that, regardless of size, covered entities must take action and will be held accountable for safeguarding their patients' health information", said HHS Office of Civil Rights Director Leon Rodriguez in a statement. "Encryption is an easy method for making lost information unusable, unreadable and undecipherable."

The hospice is largely volunteer-run, yet according to its website it is the largest provider of palliative care in its county. That highlights the disconnect, well documented among small and medium-sized businesses, between human and capital resources and the need to enforce security requirements.

A recent Ponemon Institute study found that among SMBs, which often run on very thin margins and without dedicated IT resources, a full 64% of US respondents and 75% of UK respondents cited "insufficient people resources" as a primary barrier to achieving effective security. Also, 62% of UK respondents consider "the complexity of compliance and regulatory requirements" as a key barrier, and 55% listed "lack of in-house skilled or expert personnel."

The fine may be an object lesson to HHS, but for the Hospice it places a burden on its operations, it said. "As a nonprofit, $50,000 is a lot of money and we are being extra resourceful right now to account for this settlement cost," Amanda Miller, a spokeswoman for the hospice, told the Spokesman-Review.

Nonetheless, the center has put efforts in place to comply with federal requirements and improve the safety of its patient information. "Hospice of North Idaho conducted a thorough risk analysis as a part of its security process, increased security measures on all equipment containing patient information, and adopted stronger security policies and procedures to ensure the safety of patient health information," Miller told the paper. "Other measures taken were the encryption of all laptops, stronger password enforcement, and HIPAA privacy and security training on a scheduled basis."