Case 2: Privacy and Security Cases

Presentation on theme: "Case 2: Privacy and Security Cases"— Presentation transcript:

1 Case 2: Privacy and Security Cases

2 Disclosure of individually identifiable information can occur deliberately or accidentally and can occur within an organization or be the result of an external breach of security.

3 Cases on privacy
A Michigan-based health system accidentally posted the medical records of thousands of patients on the Internet (The Ann Arbor News, February 10, 1999). An employee of the Tampa, Florida, health department took a computer disk containing the names of 4,000 people who had tested positive for HIV, the virus that causes AIDS (USA Today, October 10, 1996). A few weeks after an Orlando woman had her doctor perform some routine tests, she received a letter from a drug company promoting a treatment for her high cholesterol (Orlando Sentinel, November 30, 1997).

4 A banker who also sat on a county health board gained access to patients' records and identified several people with cancer and called in their mortgages. A candidate for Congress nearly saw her campaign derailed when newspapers published the fact that she had sought psychiatric treatment after a suicide attempt. A 30-year FBI veteran was put on administrative leave when, without his permission, his pharmacy released information about his treatment for depression.

5 A privacy case on Google
The FTC charged that Google had placed tracking cookies on users' computers, in some cases working around the privacy settings of Apple's browser.

6 A privacy case on Facebook
A German court ruled against Facebook Inc. for the way it uses members' addresses to solicit new users. It also ruled Facebook can't force users to grant the social network a comprehensive license to their content. Facebook didn't adequately explain to users the workings of a feature called "Friend Finder." Friend Finder imports users' contacts to ask their friends to join Facebook.

7 A security case on KT
Two people hacked into the network system of KT Corp, leaking personal information of about 8.7 million mobile phone subscribers. Seven others were booked without physical detention on charges of buying the leaked data for telemarketing purposes. Police suspect the telemarketers used the data, which contained personal information on the subscribers, their phones and monthly plans, to contact customers whose contracts were close to expiration or who were considered likely to change phone plans. Officials estimate the suspects earned at least 1 billion won (US$877,000) from the illegal marketing.

8 Other security cases in S. Korea
Hackers struck the consumer finance firm Hyundai Capital Services Inc. and the National Agricultural Cooperative Federation, or Nonghyup, early last year, stealing customers' personal data and crippling online transactions. Personal information of 35 million users was leaked in August 2011 after hacking attacks on two popular portal websites operated by SK Communications Co., the worst online security breach ever in Korea.

9 A security case on HPS (Heartland)

10 How did they find it?
The compromise came through a SQL injection attack on the company's website. Heartland found out about it immediately and thought it had eradicated the malware. Roughly six months later, in mid-May 2008, the malware made the leap from the corporate network to the payment processing network, but HPS did not know that at the time. Two weeks before the date the payment system was compromised, HPS had been approved by its Qualified Security Assessor (QSA) as PCI compliant. In late October 2008, HPS discovered it "might have a problem" based on information provided by one of the major card brands. Three forensics firms hired by HPS analyzed its IT security network; all three said the HPS system was free of malware. In January 2009, HPS staff members found the malware.

11 Action by the company
The company's lawyers recommended a minimal level of disclosure about the breach, but Carr decided against that policy. HPS had a tradition of open communication with employees and customers, and Carr decided that he wanted to maintain that policy and share information as fully as possible. "We did a good job of damage control," he said during his October 16 speech. The company paid a heavy price. The stock price fell 78% in the weeks after disclosure, and 5,000 of the company's 250,000 merchants left. HPS was delisted by Visa and MasterCard. Four months later, Visa reinstated HPS.

12 Lessons learned from the case
"You can't just rely on firewalls." "Knowledge of security threats should not be viewed as a competitive advantage." When it comes to threats, companies should share information with peers and collaborate. HPS did not have an incident response plan in place at the time of the breach. It does now. The malware was able to move from HPS's corporate network to its payment processing system because of "human error."
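The Heartland case (slide 10) started with SQL injection on a website, and slide 12 draws the lesson that firewalls alone are not enough: the attack rides inside ordinary web requests that a network firewall passes through, so the fix lives in the application code. The example below is added here and is not code from the presentation or from HPS; it uses a constructed in-memory SQLite table and hypothetical function names to show a string-built query beside its parameterised form, plus a crude request-logging heuristic a defender can use for alerting.

```python
import sqlite3

# Constructed sample data: a tiny merchant table standing in for a web app's database.
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE merchants (id INTEGER, name TEXT, secret TEXT)")
    conn.executemany("INSERT INTO merchants VALUES (?, ?, ?)",
                     [(1, "alice", "s1"), (2, "bob", "s2")])
    return conn

def lookup_vulnerable(conn, name):
    # Query text is assembled from user input. The firewall sees a normal
    # HTTP request; the database executes whatever the string turned into.
    sql = "SELECT id, name FROM merchants WHERE name = '" + name + "'"
    return conn.execute(sql).fetchall()

def lookup_hardened(conn, name):
    # Parameterised query: the input is bound as data and never parsed as SQL,
    # so the same input simply matches no row.
    sql = "SELECT id, name FROM merchants WHERE name = ?"
    return conn.execute(sql, (name,)).fetchall()

def looks_like_injection(value):
    # Hypothetical logging heuristic for alerting on suspicious parameters.
    # It supports detection; it is not a substitute for parameter binding.
    markers = ("'", "--", ";", " or ", " union ")
    v = value.lower()
    return any(m in v for m in markers)

def demo():
    conn = make_db()
    untrusted = "' OR '1'='1"           # constructed malformed input
    return {
        "vulnerable_rows": len(lookup_vulnerable(conn, untrusted)),
        "hardened_rows": len(lookup_hardened(conn, untrusted)),
        "flagged": looks_like_injection(untrusted),
    }

if __name__ == "__main__":
    print(demo())
```

With the same input, the string-built query returns every merchant while the bound query returns none; the heuristic only tells you something odd arrived, which is the kind of signal an incident response plan needs to act on.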
