Total Identity Protection

The Federal Government’s New HITECH Act, which went into effect on September 23, 2009, strengthens the rules designed to protect the privacy and security of health-related data.  However, vague wording in the regulations written by the Office of Health and Human Services (HHS) has opened the door to under-reporting of data breaches, which will in turn put breach victims at undue risk of medical identity theft.

The Interim Final Rule issued by HHS on August 24, 2009 says that a data breach incident of Personal Health Information (PHI) only requires notification if the breach represents a “Significant risk of financial, reputational or other harm to the individual whose PHI has been compromised” as determined by the breached organization.  This, unfortunately, could lead some health organizations to abandon best-practice standards in an effort to minimize short-term costs associated with responding to breaches.

Since the law does not include clear risk standards for organizations to follow, this ultimately could lead to a “fox guarding the chicken coop” phenomenon.

Consumer and patient advocates have asked HHS to revisit the wording of the regulations, so organizations inclined to under-report breaches will likely be required to follow the intent of the law anyway.

In the meantime, however, health care firms intent on protecting themselves and their patients should implement best-practice approaches to assessing risk.  One litmus test Identity Force recommends its clients to implement when assessing risk, beyond evaluating the data that was breached, how it was breached, and the likelihood that the data was accessed by potential fraudsters, is to imagine that their personal information is part of the breached data – and to ask themselves what type of personal protection they would want to keep from becoming a victim of medical identity theft.

It is important to remember that HITECH comes with stiff penalties, including increasing civil monetary penalties for HIPAA noncompliance to as much as $50,000 per violation.

Read more…

Eastern European hackers have been indicted by a federal grand jury for a hack that allowed them and their accomplices to steal $9M in a single day from credit card processor RBS WorldPay.

The US Department of Justice today issued a statement that four hackers from Estonia, Moldavia and Russia have been indicted on charges of hacking into a computer network operated by Royal Bank of Scotland’s WorldPay division. They were charged with 16 counts of conspiracy to commit wire fraud, wire fraud, conspiracy to commit computer fraud, computer fraud, access device fraud and aggravated identity theft.

Additionally, four fraudsters from Tallinn, Estonia, were indicted for access device fraud, for using fake payroll debit cards to withdraw cash from ATMs.

The hackers got into the RBS WorldPay system and copied a database of payroll debit cards that employees use to withdraw their regular salaries from ATMs. The hackers then created 44 cloned payroll debit cards, and sent them to a network of “cashers” around the world.

Read more…

It’s always important to prevent identity theft, but never so much as during the holiday season. As you begin your Christmas shopping, of course you use your credit cards a lot more than usual. Not only that, but something about the holidays seems to make people just a little more careless with their personal information. But make no mistake: identity thieves don’t take vacation.

At least, not at Christmas. This is the hot time for identity thieves just like retail outlets. And that means that preventing identity theft is more pertinent now than ever. The following 3 tips will help you.

1. Don’t leave bills or credit card offers sitting in the mailbox

For some reason, when we don’t want to see a credit card bill we seem to think that leaving it in the mailbox for a few days prevents us from dealing with it. Actually, all that does is offer identity thieves the chance to get their hands on your credit info.

Read more…

Let me level with you:I am a writer and businessman, not a law enforcement professional. Most law enforcement personnel expert in identity theft are busy tracking it down and fighting the good fight against a crime that will claim ten million new victims this year alone. They do not have time to write articles about it.

They chase down the scumbags and criminals that tear people’s lives apart at the seams. Iget the word out and try to convince people to be smart and protect themselves. I’m not sure who has the harder job, the cops or me. For whatever reason some people do not seem to get the old saying that “an ounce of prevention is worth a pound of cure.” There are people out there who have read my articles and not acted on them. When one of those people finds out the hard way that identity theft is a real threat, it’s on them.They had the information.I did my little part to help them protect themselves.

Anyway, to answer the question that someone recently asked, “How do you know so much about identity theft?” I want to give the most honest answer I can.

Read more…

Upromise participation is unlikely to pay for four years of college but many consumers want to know, is it worth my time at all? How much will it help me save? How hard is it to do?

Even before the current economic downturn, many families were already concerned about how they could save enough money for college. Whether online ads or ads by the gas tanks, many parents have heard of Upromise and wondered, does Upromise deliver on saving for college? Upromise participation is unlikely to pay for four years of college but many consumers want to know, is it worth my time at all? How much will it help me save? How hard is it to do? What is Upromise? Upromise is an online site that can help put some money away for college. Upromise provides a savings tool for the expenses of higher learning. This service takes part of the money you spend on ordinary purchases and deposits it into your Upromise.com account. In other words, you’re not depositing money for college.

Read more…

Because data breaches have become such commonplace incidents, there is concern that people have become desensitized to the potential harm they face when receiving a notification letter from an organization that they’ve trusted with highly personal information, that this information has been lost or misappropriated.

A recently published report from Javelin Strategies should be a wake up call to those people.

“The Javelin report, Data Breach Notifications: Victims Face Four Times Higher Risk of Fraud, is based on multiple years of data and includes updates on 2009 data breaches, implications of changes to the legislative landscape and the technical means by which data breaches occur.”

This report should also be heeded by those banks, healthcare organizations, government agencies, insurance companies and others that we entrust with our social security and checking account numbers, birthdates and mothers’ maiden names,  and in some cases our personal health information.

Read more…