Employee had access to patient database as part of her job, report says

An employee at Johns Hopkins Hospital may have leaked the personal information of more than 10,000 patients in an identity fraud scam.

According to a report filed to the administrator of the state of Maryland’s Identity Theft Program (PDF), some 31 individuals with connections to Johns Hopkins have reported identity thefts since Jan. 20. Law enforcement agencies suspect the thefts might be part of a fraudulent driver’s license scheme discovered in neighboring Virginia.

Continue reading …

A honeypot can be a cheap, easy, and effective warning system against the trusted insider gone bad

My professional life has been full of clients devastated by trusted, internal attackers. In every case, the damage done amounted to hundreds of thousands of dollars. In one case, the victimized company incurred costs exceeding $1 million in recovery efforts. Everyone involved is bound by a nondisclosure agreement, so none of these cases has made the news, even though the service outages have been significant and widespread.

Continue reading the article at InfoWorld

In subway survey, 37 percent of workers say they could be bought

Would you sell your company’s secrets to a stranger for $1.5 million? More than one-third of employees surveyed last week said they would — and some of them said they’d do it for less.

In their annual visit to London’s railway stations, researchers from the InfoSecurity Europe conference asked 600 commuters whether they’d sell their company’s sensitive data in exchange for various forms of compensation. Last year, the researchers got many railway riders to give up their passwords for a chocolate bar.

Continue reading the article

Small businesses are chief laggards in deploying data leakage protection technology, researchers say
Despite recent headlines and instances of insider attacks, many companies still are not acting to protect themselves from insider threats, according to two new analyst reports.

Forrester Research earlier this week published a study called “Data Security Challenges and Technology Adoption in 2008,” which offers a detailed look at enterprises’ attitudes about security and the deployment of next-generation security technologies.

Continue reading the article