Monthly Archives: June 2018

Google Calendar gets an Out of Office mode


Google Calendar is the latest Google app to get an update focused on improving users’ “digital wellbeing.” The company announced today it’s rolling out a new “Out of Office” feature in Google Calendar, alongside a setting for customizable working hours. The working hours signal to others when you’re unavailable, and allow Google Calendar to automatically decline meetings on your behalf outside those hours.

For starters, you’ll find there’s a new “Out of Office” calendar entry type you can select when you’re creating an event via Google Calendar on the web.

For example, if you’re scheduling the dates of your vacation, you could mark that event as “Out of Office.” If others send you meeting invites during this period, Google Calendar will decline them without your involvement.

It’s a feature users have requested for years to complement Gmail’s Vacation Responder.

Google also says it will attempt to automatically detect when event types should be denoted “Out of Office,” based on the event title.

Another new feature will allow you to better customize your working hours in Google Calendar.

Currently, you can set working hours to one interval for all days of the week, but now you’ll be able to customize your hours for each day separately. This will help people who have irregular availability — not the usual 9 to 5, so to speak.

Google Calendar will also try to infer your working hours based on your prior scheduling patterns, and may prompt you to confirm them in the app’s Settings.

The changes, while seemingly small, are part of a broader movement at Google to promote digital wellbeing across its platforms.

In recent months, the company has introduced a number of features focused on helping people better manage their time, and fight back against the addictive nature of smartphones and digital services.

For example, at its I/O developer conference in May, Google introduced new time management controls for Android users, and it has a set of screen time tools for parents to use with children via Family Link.

It even rolled out new tools to help YouTube users cut down the time they spend mindlessly watching videos.

Other services, like Gmail and Google Photos, utilize machine learning and AI to reduce the time spent in-app, by doing things like prioritizing the important mail, or automatically editing your photos.

The new Google Calendar tools are rolling out now to G Suite users, Google says. Presumably, a broader consumer release will soon follow.

 

via:  techcrunch

Instagram now lets you 4-way group video chat as you browse


Instagram’s latest assault on Snapchat, FaceTime and Houseparty launches today. TechCrunch scooped back in March that Instagram would launch video calling, and the feature was officially announced at F8 in May. Now it’s actually rolling out to everyone on iOS and Android, allowing up to four friends to group video call together through Instagram Direct.

With the feed, Stories, messaging, Live, IGTV and now video calling, Instagram is hoping to become a one-stop-shop for its 1 billion users’ social needs. This massive expansion in functionality over the past two years is paying off, SimilarWeb told TechCrunch in an email, which estimates that the average U.S. user has gone from spending 29 minutes per day on the app in September 2017 to 55 minutes today. More time spent means more potential ad views and revenue for the Facebook subsidiary that a Bloomberg analyst just valued at $100 billion after it was bought for less than $1 billion in 2012.

 

 

One cool feature of Instagram video calling is that you can minimize the window and bounce around the rest of Instagram without ending the call. That opens new opportunities for co-browsing with friends as if you were hanging out together. More friends can join an Instagram call in progress, though you can mute them if you don’t want to get more call invites. You’re allowed to call anyone you can direct message by hitting the video button in a chat, and blocked people can’t call you.

Here’s how Instagram’s group video calling stacks up to the alternatives:

  • Instagram – 4-way plus simultaneous browsing
  • Snapchat – 16-way with up to 32 people listening via audio
  • FaceTime – 32-way (coming in iOS 12 this fall)
  • Houseparty – 8-way per room with limitless parallel rooms
  • Facebook Messenger – 6-way with up to 50 people listening via audio

Instagram is also rolling out two more features promised at F8. The Explore page will now be segmented to show a variety of topic channels that reveal associated content below. Previously, Explore’s 200 million daily users just saw a random mish-mash of popular content related to their interests, with just a single “Videos You Might Like” section separated.

Now users will see a horizontal tray of channels atop Explore, including an algorithmically personalized For You collection, plus ones like Art, Beauty, Sports and Fashion, depending on what content you regularly interact with. Users can swipe between the categories to browse, and then scroll up to view more posts from any they enjoy. A list of sub-hashtags appears when you open a category, like #MoGraph (motion graphics) or #Typeface when you open art. And if you’re sick of seeing a category, you can mute it. Strangely, Instagram has stripped Stories out of Explore entirely, but when asked, the team told us it plans to bring Stories back in the near future.

The enhanced Explore page could make it easier for people to discover new creators. Growing the audience of these content makers is critical to Instagram as it strives to be their favorite app amongst competition. Snapchat lacks a dedicated Explore section or other fan base-growing opportunities, which has alienated some creators, while the new Instagram topic channels are reminiscent of YouTube’s mobile Trending page.

Instagram’s new Explore Channels (left) versus YouTube’s Trending page (right)

Finally, Instagram is rolling out camera effects designed by partners, starting with Ariana Grande, BuzzFeed, Liz Koshy, Baby Ariel and the NBA. If you’re following these accounts, you’ll see their effect in the Stories camera, and you can hit Try It On if you spot a friend using one you like. This opens the door to accounts all offering their own augmented reality and 2D filters without the Stories camera becoming overstuffed with lenses you don’t care about.

What’s peculiar is that all of these features are designed to boost the amount of time you spend on Instagram just as it’s preparing to launch a Usage Insights dashboard for tracking if you’re becoming addicted to the app. At least the video calling and camera effects promote active usage, but Explore definitely encourages passive consumption that research shows can be unhealthy.

Therein lies the rub of Instagram’s mission and business model with its commitment to user well-being. Despite CEO Kevin Systrom’s stated intention that “any time [spent on his app] should be positive and intentional” and that he wants Instagram to “be part of the solution,” the company earns more by keeping people glued to the screen rather than present in their lives.

 

via:  techcrunch

Federal Agencies Fell Short in Assessments of Cybersecurity Employees, Finds Report

The skills gap poses a persistent challenge to organizations. Enterprises need a qualified workforce if they are to adequately defend against digital threats. This is true for every industry and is especially so for the public sector.

Acknowledging that fact, Congress enacted the Federal Cybersecurity Workforce Assessment Act (Act) in 2015. This piece of legislation requires the Office of Personnel Management (OPM) to develop a coding structure under the National Initiative for Cybersecurity Education (NICE) for cybersecurity positions and create procedures that facilitate the coding structure’s implementation for civilian cybersecurity positions. It also stipulates that 24 agencies covered by the Chief Financial Officers (CFO) Act must submit baseline assessments of their workforces and establish processes to apply OPM’s coding structure to their workforces.

Most of the CFO Act agencies submitted baseline assessments. In an effort to examine the OPM’s coding procedures and understand the progress of the Act’s implementation, the U.S. Government Accountability Office (GAO) reviewed the baseline assessments and coding procedures from the reporting agencies. It also interviewed personnel at both the OPM and the CFO Act agencies and published its findings in a report to congressional committees.

What it learned was less than encouraging.

Of the 24 CFO Act agencies that were required to submit baseline assessments, 21 of them complied with the Act and sent their analyses to Congress. Three agencies—the Department of Homeland Security, the U.S. Department of Housing and Urban Development and the Small Business Administration—did not submit assessments due to a lack of tools and resources, among other reasons. Even then, four of the agency assessments didn’t contain all relevant information, namely, they didn’t discuss the level of preparedness of employees without certifications to take certification exams. Additionally, one agency failed to discuss in its assessment how it planned to mitigate certification gaps.

These findings point to a larger trend: agencies struggled to obtain certification information in general. For six of the 21 agencies that submitted assessments, the response rate on questions concerning certifications for cybersecurity positions was only 15-42 percent. Two agencies in particular said employees’ responses were voluntary due to union and legal concerns. Then again, participating agencies couldn’t expect much better. At the time of release for the GAO’s report, there was no government-wide requirement for cybersecurity employees to have certifications. Most agencies didn’t individually require certifications, six said they had some requirements and only the Department of Defense (DoD) required certifications for all cybersecurity jobs. However, the DoD still failed to establish coding procedures for non-civilian cybersecurity positions.

Timing likely played a role in all of these shortcomings. First, NICE had not identified a list of certifications by the December 2016 deadline for CFO Act agencies to submit their reports. As a result, agencies were forced to develop their own approaches to mapping cybersecurity certifications. Second, OPM didn’t submit its coding guidance until January 2017, and it specified that agencies weren’t supposed to complete their assignment of 3-digit codes for cybersecurity positions until April 2018. This means CFO Act agencies had to submit reports on cybersecurity employees’ certifications before having the chance to properly evaluate their workforce, a reality which forced them to come up with their own criteria for assessing their employees’ qualifications.

Given these findings, the GAO concluded in its report that agencies’ assessments might not reflect their workforce accurately:

…[B]ecause agencies have not consistently defined the workforce and NICE had not developed a list of appropriate certifications, efforts such as conducting the baseline assessment to determine the percentage of cybersecurity personnel that hold appropriate certifications have yielded inconsistent and potentially unreliable results. By not conducting assessments or including all required information in the assessments, some of these agencies may lack valuable information that could help them identify the certification and training needs of their cybersecurity employees that are charged with protecting federal information and information systems from cyberattacks.

The GAO therefore proposed 30 recommendations to 13 agencies that will help them fulfill the Act’s requirements on baseline assessments and coding procedures. The specific details of those recommendations are available in the GAO’s report, which is available for download here.

Outside of the Federal Cybersecurity Workforce Assessment Act, federal agencies across the board need to take proper safeguards to protect themselves against digital threats and maintain compliance with federal information security standards. To learn how Tripwire can help with both of these objectives, click here.

 

via:  tripwire

Facebook reverses its crypto ad ban

As there’s clearly too much ad revenue potential to ignore, Facebook today announced it’s reversing its cryptocurrency ad ban effective immediately. The decision comes with a few caveats, however. The company says it will allow ads and related content from “pre-approved advisers,” but will still not allow ads promoting binary options and initial coin offerings.

Facebook had first enacted the ban in January, saying at the time that too many companies in this space were “not currently operating in good faith.”

While it admitted that banning all crypto advertising was a broad change, the company said that its new policy would “improve the integrity and security of our ads, and to make it harder for scammers to profit from a presence on Facebook.”

But it had also said the policy would be revisited over time, as its ability to detect deceptive ads improved.

Fast forward six months, and apparently Facebook is ready for the crypto ad onslaught yet again.

This time around, it’s making advertisers go through an application process to determine their eligibility. Facebook will ask advertisers to include on their applications details like what licenses they’ve obtained, whether they’re a publicly traded company, and other relevant background information regarding their business.

How thoroughly this information is fact-checked by Facebook staff remains unclear.

The company reminded users in the same announcement that they should continue to flag ad content that violates its guidelines. In other words, expect some bad ads to get through.

Facebook explains its new requirements will keep some crypto advertisers from being able to hawk their businesses on the social network, but adds that its policy in this area continues to be a work in progress.

“…We’ll listen to feedback, look at how well this policy works and continue to study this technology so that, if necessary, we can revise it over time,” says Rob Leathern, Product Management Director, in Facebook’s announcement.

Facebook’s original decision to ban crypto ads was followed by Google in March, when the company cited the “unregulated” and “speculative” nature of many of the advertised products. Its new policy begins this month. Twitter and Snap also have some policies around crypto ads, with Twitter only showing ads for exchanges and wallets provided by publicly traded companies and Snap allowing crypto ads but banning those for ICOs.

The crypto industry is rife with scams, so it makes sense that these major platforms would need some rules around what’s allowed. According to the FTC, consumers lost $532 million to cryptocurrency-related scams in the first two months of 2018, Coindesk reported on Monday. And an agency official warned that consumers will lose more than $3 billion by the end of the year.

Facebook says the full crypto ad ban is lifted today for approved advertisers.

 

via:  techcrunch

Got an old PC? Your time running Windows 7 may be up

Microsoft abandons support for Windows 7 on Pentium III-era machines.

Microsoft has dropped support for Windows 7 on a range of PCs dating back to the turn of the millennium.

PCs whose processors lack support for multimedia instructions called SSE2 will no longer receive security updates for Windows 7, Microsoft has confirmed.

The issue first arose in March this year, when Microsoft issued a security update (KB4088875), which generated a stop error on computers that didn’t support SSE2.

While Microsoft initially indicated it was working to resolve the error on Windows 7 machines, it later changed its advice, telling owners of affected PCs to “upgrade your machines with a processor that supports SSE2 or virtualize those machines”.

The result is that cumulative Windows 7 patches won’t install on PCs lacking SSE2 support from the March update onwards. Those who want to continue using Windows 7 on such machines will have to risk using PCs unpatched against the latest security threats.

Windows 7 was sold with the condition that security updates would continue to be issued until January 2020. But TechRepublic’s sister site ZDNet points out that Microsoft is entitled to make such a change under its Business, Developer and Desktop Operating Systems Policy, which states: “Older products may not meet today’s more demanding security requirements. Microsoft may be unable to provide security updates for older products”.

CPUs have supported SSE2 since 2000, with the multimedia instructions having been commonplace in processors since 2004 — meaning you’re unlikely to be affected unless you’ve held on to a Pentium III-era machine.

Last year Microsoft confirmed that laptops running on Intel Atom Clover Trail chipsets will not receive any Windows 10 feature updates after the Anniversary Update, issued in summer last year.

 

 

via:  techrepublic

State Officials Request More Federal Money for Election Security

State officials requested more money from the federal government to help fund their efforts towards better election security.

On 21 June, three state officials who appeared on a panel before the Senate Rules Committee said they’d welcome additional monies from the Election Assistance Committee (EAC), a U.S. agency created by the Help America Vote Act of 2002 (HAVA) which provides assistance to states via its Office of Grants Management.

One of those state officials was Jim Condos, Secretary of State for Vermont. As quoted by CyberScoop:

While our upgrades to equipment and cybersecurity will be an ongoing challenge for many states, the federal funding received will regrettably be insufficient to do all that we want or need. However, we are very grateful for the boost that these federal funds provide us at this time.

Minnesota’s secretary of state Steve Simon concurred by asking that “those in Congress consider some ongoing way to provide some resources for us along those same lines.” He said the $6.6 million already afforded to his state by the EAC was helpful but that election security is “expensive” and requires greater funding.

Jay Ashcroft, Secretary of State for Missouri, put it even more succinctly: “If you send it, we will use it.”

Together, the three officials said that additional monies could fund their states’ efforts to hire IT staff to maintain statewide voter registration systems, implement security measures like two-factor authentication and conduct post-election audits.

Condos, Simon and Ashcroft requested more funding despite uncertainty involving what role the federal government should play in state elections. In early 2017, the Department of Homeland Security (DHS) labeled the entire United States’ election system as “critical infrastructure.” This designation made protecting polling places and election systems a priority for the Department after reports of Russian interference in the 2016 U.S. presidential election.

Not everyone supported that decision. For example, the National Association of Secretaries of State issued a statement calling the DHS designation “legally and historically unprecedented.” Others worried the designation could lead to federal overreach into state elections.

Ahead of the 2018 midterm elections, state officials are still trying to figure out what type of balance will help them best defend against election hacking. That arrangement could involve a requirement that states run post-election audits in order to obtain additional funding, an option which was discussed at the hearing.

States aren’t the only government bodies that need to be worried about blackhat hackers. Federal agencies also need to take steps to secure their networks against computer criminals.

 

via:  tripwire

AT&T collaborates on NSA spying through a web of secretive buildings in the US

A new report from The Intercept sheds light on the NSA’s close relationship with communications provider AT&T.

The Intercept identified eight facilities across the U.S. that function as hubs for AT&T’s efforts to collaborate with the intelligence agency. The site first identified one potential hub of this kind in 2017 in lower Manhattan.

The report reveals that eight AT&T data facilities in the U.S. are regarded as high-value sites to the NSA for giving the agency direct “backbone” access to raw data that passes through, including emails, web browsing, social media and any other form of unencrypted online activity. The NSA uses the web of eight AT&T hubs for a surveillance operation code-named FAIRVIEW, a program previously reported by The New York Times. The program, first established in 1985, “involves tapping into international telecommunications cables, routers, and switches” and only coordinates directly with AT&T and not the other major U.S. mobile carriers.

AT&T’s deep involvement with the NSA monitoring program operated under the code name SAGUARO. Messaging, email and other web traffic accessed through the program was made searchable through XKEYSCORE, one of the NSA’s more infamous search-powered surveillance tools.

The Intercept explains how those sites give the NSA access to data beyond just AT&T subscribers:

The data exchange between AT&T and other networks initially takes place outside AT&T’s control, sources said, at third-party data centers that are owned and operated by companies such as California’s Equinix. But the data is then routed – in whole or in part – through the eight AT&T buildings, where the NSA taps into it. By monitoring what it calls the “peering circuits” at the eight sites, the spy agency can collect “not only AT&T’s data, they get all the data that’s interchanged between AT&T’s network and other companies,” according to Mark Klein, a former AT&T technician who worked with the company for 22 years.

The NSA describes these locations as “peering link router complex” sites while AT&T calls them “Service Node Routing Complexes” (SNRCs). The eight complexes are spread across the nation’s major cities, with locations in Chicago, Dallas, Atlanta, Los Angeles, New York City, San Francisco, Seattle and Washington, D.C. The Intercept report identifies these facilities:

Among the pinpointed buildings, there is a nuclear blast-resistant, windowless facility in New York City’s Hell’s Kitchen neighborhood; in Washington, D.C., a fortress-like, concrete structure less than half a mile south of the U.S. Capitol; in Chicago, an earthquake-resistant skyscraper in the West Loop Gate area; in Atlanta, a 429-foot art deco structure in the heart of the city’s downtown district; and in Dallas, a cube-like building with narrow windows and large vents on its exterior, located in the Old East district.

… in downtown Los Angeles, a striking concrete tower near the Walt Disney Concert Hall and the Staples Center, two blocks from the most important internet exchange in the region; in Seattle, a 15-story building with blacked-out windows and reinforced concrete foundations, near the city’s waterfront; and in San Francisco’s South of Market neighborhood, a building where it was previously claimed that the NSA was monitoring internet traffic from a secure room on the sixth floor.

While these facilities could allow for the monitoring of domestic U.S. traffic, they also process vast quantities of international traffic as it moves across the globe — a fact that likely explains why the NSA would view these AT&T nodes as such high-value sites. The original documents, part of the leaked files provided by Edward Snowden, are available in the original report.

 

via:  techcrunch

Pokémon GO is finally going to let players trade Pokémon

Just shy of two years after launch, Pokémon GO is finally about to roll out one of its most notably absent features: Pokémon trading.

A staple of the series, trading lets players swap their Pokémon with another player in the never-ending quest to, well, catch ’em all.

The trading mechanics will be tied into a new Friend system; the Friend system will roll out later this week, with the trading mechanics going live “soon after” (though Niantic doesn’t want to get more specific than that, presumably in case something breaks).

Here’s how it all works:

    • To trade with someone, you must be their in-game friend *and* within 100 meters (~320 ft.) of them.
    • To become friends, you exchange your unique Trainer Codes.
    • Once friends, you’ll get in-game perks for playing together. Your Pokémon will get attack bonuses when battling gyms together, for example — and when you raid together, you’ll get extra Pokéballs.

    • The more you play together (raiding, battling gyms, etc), the higher your relationship level will be.
    • Certain Pokémon (Legendaries, Shinies and any Pokémon you don’t already have) are considered “special trades.” You can only make special trades with the players with whom you’ve reached the higher tiers of friendship. In other words, they mostly want you trading with the people you play with somewhat regularly — not rando spoofers selling Pokémon on eBay.
    • You can only make one special trade per day.
    • Trades cost stardust (the in-game resource otherwise required for powering up a Pokémon). The rarer the Pokémon, the more it’ll cost to trade. Having a higher friendship level, though, will offset that a bit (note in the example below, for instance, how it starts at a rather insane requirement of a million stardust and drops down to a more manageable 40,000 as the friendship level, shown in the upper right, increases).

Meanwhile, they’ve also introduced another entirely new concept as part of the friend system: Gifts. Every once in a while, spinning a Pokéstop will give you a “Gift” item. You can’t open it yourself — instead, you’re meant to send it to a friend for them to open. It’ll arrive marked with a photo of the stop where you picked it up — a little Pokéstop post card, of sorts, bundled with a handful of “helpful items.” Niantic doesn’t say exactly what those “helpful items” might be, though they do note that they could include eggs containing Alolan Pokémon (which, for the most part, haven’t been made available in-game yet).

While the trading/friend system might seem a bit complicated, with its stardust requirements and daily limits and friendship requirements, it theoretically helps limit some issues that a free-for-all trade system might face. It’s easy to imagine someone spoofing back and forth around the world to farm rare Pokémon as they pop up, slinging them on eBay (or wherever) for a few bucks a pop, and just spoofing to an agreed location to initiate a trade. Requiring players to have some history of playing/raiding/battling gyms together before they can trade the good stuff makes that a bit more challenging.

 

via:  techcrunch

60,000 Android devices hit by battery-saving app attack

Computer security experts have discovered an unusual attack targeting users of Android devices.

As researchers Yonathan Klijnsma and Aaron Inness explain on the RiskIQ blog, the attack starts with a relatively pedestrian fake warning message that popped up on some Android users’ devices as they browsed the web.

The warning message is customized to the specific device by grabbing the model number and brand of the Android phone that is being used, presumably in an attempt to dupe users that the advice they are reading is legitimate rather than produced by a pop-up.

In the example shared by the researchers, the message is customized for the Samsung SM-G925A.

Samsung cleanup might be required!

Your Samsung SM-G925A might be slowed down and your battery may discharges quickly.

Please clean your Samsung memory to solve this problem and increase phone speed.

Install recommended app for FREE to clean your Samsung immediately!

Underneath the warning, the user is prompted to click either the Install or Cancel button. However, it makes no difference which option you choose as you will be taken to a page in the official Google Play store regardless.

You *could* press the back button in your browser, but you’ll only find yourself on the receiving end of yet more pressure to install the app that the fake warning is recommending.

So what happens if you do go to the Google Play store and install the battery-saving app being touted by the fake warning?

The first thing that should ring alarm bells in you is that the app demands access to a disturbing array of permissions including:

  • Read sensitive log data
  • Receive text messages (SMS)
  • Receive data from Internet
  • Pair with Bluetooth devices
  • Full network access
  • Modify system settings

I can’t think of any legitimate reason why a genuine battery-saving app would ever need such invasive abilities, which in combination with the app’s other functionality allows it to steal a user’s phone number, location, and details about their device including its IMEI number.
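The permission review described above can be automated against a decoded manifest. The following is an added example, not code from RiskIQ or the original article: the mapping from the Play Store labels listed above to manifest permission names, the battery-app baseline, and the sample manifest (including its package name and the extra `READ_PHONE_STATE` entry) are assumptions constructed for illustration, and the manifest is assumed to have already been decoded from the APK's binary XML to text.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Play Store labels listed in the article, keyed by the manifest
# permission each label corresponds to (mapping added for this example).
ARTICLE_PERMISSIONS = {
    "android.permission.READ_LOGS": "Read sensitive log data",
    "android.permission.RECEIVE_SMS": "Receive text messages (SMS)",
    "com.google.android.c2dm.permission.RECEIVE": "Receive data from Internet",
    "android.permission.BLUETOOTH": "Pair with Bluetooth devices",
    "android.permission.INTERNET": "Full network access",
    "android.permission.WRITE_SETTINGS": "Modify system settings",
}

# Assumption: what a battery utility plausibly needs. Tune per app category.
BATTERY_APP_BASELINE = frozenset({
    "android.permission.BATTERY_STATS",
    "android.permission.KILL_BACKGROUND_PROCESSES",
})

# Constructed sample manifest (hypothetical package), not taken from the real app.
SAMPLE_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.batterysaver">
  <uses-permission android:name="android.permission.KILL_BACKGROUND_PROCESSES"/>
  <uses-permission android:name="android.permission.READ_LOGS"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="com.google.android.c2dm.permission.RECEIVE"/>
  <uses-permission android:name="android.permission.BLUETOOTH"/>
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.WRITE_SETTINGS"/>
  <uses-permission-sdk-23 android:name="android.permission.READ_PHONE_STATE"/>
</manifest>
"""


def requested_permissions(manifest_xml):
    """Return the set of permission names a decoded manifest requests."""
    root = ET.fromstring(manifest_xml.strip())
    names = set()
    # Permissions can be declared with either element.
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        for node in root.iter(tag):
            name = node.get(ANDROID_NS + "name")
            if name:
                names.add(name.strip())
    return names


def audit(manifest_xml, baseline=BATTERY_APP_BASELINE):
    """Compare requested permissions with the baseline for the app's category."""
    requested = requested_permissions(manifest_xml)
    outside = requested - baseline
    return {
        # Permissions the article calls out, with their Play Store label.
        "flagged": sorted(
            (p, ARTICLE_PERMISSIONS[p]) for p in outside if p in ARTICLE_PERMISSIONS
        ),
        # Anything else outside the baseline still deserves a manual look.
        "other_unexpected": sorted(p for p in outside if p not in ARTICLE_PERMISSIONS),
        # SMS receipt is the channel the ad-clicking scheme relies on.
        "sms_access": "android.permission.RECEIVE_SMS" in requested,
    }


if __name__ == "__main__":
    report = audit(SAMPLE_MANIFEST)
    for perm, label in report["flagged"]:
        print(f"FLAG  {perm}  ({label})")
    for perm in report["other_unexpected"]:
        print(f"CHECK {perm}")
```
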

And so it comes as something of a surprise to discover that the Advanced Battery Saver app actually does live up to its advertising – monitoring a device’s battery status, killing unwanted background processes that consume significant resources, and making other attempts to keep batteries running for longer.

And it’s this strange dichotomy – the good and the bad behavior – which leads the researchers to speculate that the battery-saving app was perhaps originally designed to perform its intended advertised function (and to fulfill only that purpose) before being extended by its creators into underhand methods of income generation.

Chief among those is the app’s request for access to a user’s SMS text messages. Once installed, the battery-saving app recruits devices into an ad-clicking scam, with the app “clicking” on advertising links it is sent via SMS to earn more income for the fraudsters behind the scheme.

At the time of writing, the app remains available in the Google Play store and is believed to have been downloaded in the region of 60,000 times.

Be sure to check out the full blog post from RiskIQ’s researchers to learn more about the scam.

 

via:  tripwire

Cancer Center Fined $4.3M for HIPAA Violations Involving Data Breaches

A cancer center received an order to pay $4.3 million in a settlement for HIPAA violations that involved multiple data breaches.

On 18 June, the United States Department of Health and Human Services (HHS) announced in a press release that one of its Administrative Law Judges (ALJs) ruled in favor of its Office for Civil Rights (OCR) and against The University of Texas MD Anderson Cancer Center (MD Anderson).

The judge said in his decision that MD Anderson must therefore pay $4.3 million for its failure to comply with the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy and Security Rules. That penalty will include $2,000 for each day it wasn’t compliant between 24 March 2011 and 25 January 2013 as well as a $1.5 million fine each year for its noncompliance in both 2012 and 2013.

In a Notice of Proposed Determination, HHS revealed that OCR sought to impose those fines as a result of three data breaches affecting MD Anderson. The first incident, which occurred in April 2012, involved the theft of an unencrypted laptop containing the electronic personal health information (ePHI) of nearly 30,000 individuals. The other incidents, which occurred later in 2012 and 2013, both involved the loss of USB devices on which was stored the ePHI of a combined 6,000 persons.

At the time of those incidents, MD Anderson had written policies including encryption requirements. Even so, it didn’t begin to implement its program until August of 2011, explained HHS in its Notice, and had not achieved complete encryption of its information assets as of January 2013. For its failure to manage its risk through encryption, MD Anderson violated one of the key information security elements required by HIPAA.

OCR Director Roger Severino said he supports the ALJ’s decision. As quoted in the HHS press release:

OCR is serious about protecting health information privacy and will pursue litigation, if necessary, to hold entities responsible for HIPAA violations. We are pleased that the judge upheld our imposition of penalties because it underscores the risks entities take if they fail to implement effective safeguards, such as data encryption, when required to protect sensitive patient information.

All organizations that handle ePHI need to make sure they achieve HIPAA compliance lest they incur penalties of their own. To help enterprises, Tripwire’s solutions use foundational controls and real-time monitoring that satisfy the HIPAA Security Rule (Part 164). Learn more here.

 

via:  tripwire