Stolen Laptops Result in $2M HIPAA fines

Serving notice that “covered entities and business associates must understand that mobile device security is their obligation,” the HHS Office for Civil Rights has settled with two organizations for a combined $1,975,220 penalty after their unencrypted computers were stolen.

That’s a big number. And that’s because it’s meant to drive home the point that unencrypted laptops and mobile devices pose significant risks to the security of patient information, said Susan McAndrew, OCR’s deputy director of health information privacy. “Our message to these organizations is simple: Encryption is your best defense against these incidents,” she said.

Source: Healthcare IT News

3 Million Customer Credit, Debit Cards Stolen in Michaels, Aaron Brothers Breaches

Brian Krebs is at again, breaking news regarding another large data breach. This time is Irving, Texas-based Michaels Stores Inc. losing 3 Million credit card numbers.,default,pg.html

Infogressive CEO, Justin Kallhoff Quoted in CRN articles

Infogressive CEO, Justin Kallhoff was quoted in two different articles released this week by CRN:
FireEye, NSS Labs Continue To Trade Barbs Over Testing Report Credibility
Prevention Core To Palo Alto Networks’ Philosophy

Mandiant Releases 2014 Annual Report

Mandiant released their 2014 annual report, “M-Trends 2014: Beyond the Breach” today. We found the report to be succinct and informative, so we thought we would share it!
Download the report here

Brian Krebs covers the Target Breach

Our very smart friend and all around hilarious reporter Brian Krebs (KrebsonSecurity) does a great job covering a lot of breaches and issues in information security. We particularly found his coverage of the Target breach to informative and on point, so we wanted to share it with our visitors.

Email Attack on Vendor Set Up Breach at Target

We find it’s always better to fire people on a Friday….

Note: We received this from a friend in the Omaha security community. We’re not (nor was he) sure if it’s true or not, but it was too funny and serves as a good reminder regardless of authenticity, so we wanted to share.

“We find it’s always better to fire people on a Friday. Studies have statistically shown that there’s less chance of an incident if you do it at the end of the week.”
— Bob Slydell, Office Space

Well, not all the time, Bob. Allow me to explain.

On Friday, November 15, 2013, I started to receive reports of my web server being unreachable for connections originating from outside the central office. I checked my servers in a panic and found all of them were humming along like a satchel of hornets. I checked the connection with my smartphone and saw that my website was indeed unresponsive. I also checked some other work websites and saw that they were unresponsive from the outside too. Checking further, I found that not only were the DNS entries not resolving externally, all traffic was disappearing into an unanswered pit of silence. It took the ISP working a 72-hour weekend shift to fix the issue. The issue? Allegedly a technician was fired on that fateful Friday and decided to play a little real life “Grand Theft Auto: Fiber Seeking Backhoe Expansion Pack” and did some unauthorized excavating at an ISP networking site. The attached picture of the aftermath speaks volumes. Yes, those are unearthed fiber conduits. This also affected many other organizations in the Metro area. I guess it is true that you can only reduce your risks but never eliminate them, even when canning someone on a Friday.


Next Generation Firewall (NGFW) vs. Unified Threat Management (UTM) What is the difference?

We get the question a lot in the field and during presentations, “What is the difference between NGFW and UTM?”  Andrew Plato wrote a blog article on the subject and I’d say his opinions have a lot of merit.  Certainly worth a read for those wondering about the differences or those that like to watch the information security market evolve.


Amazon Phishing Attacks

I received a really well designed phishing attack today targeted at Amazon, so I thought I’d share it in hopes that it might save a few people.

Justin Kallhoff
CEO, Infogressive

[Read the full story]

Justin Kallhoff Earns GIAC Certified Forensics Analyst (GCFA)

GCFAs have the knowledge, skills, and abilities to handle advanced incident handling scenarios, conduct formal incident investigations, and carry out forensic investigation of networks and hosts.

Infogressive Security Team Adds OSCP, GCIA and CISSP Certifications

More certifications added to the Infogressive team.

Take a look at who earned these achievements in the .pdf document located here.

<< Older posts