Cyber insurance provides an opportunity to address residual risk in your information security program by offsetting the costs of a data breach of ePHI. However, individual policies, coverage and exclusions are highly variable, so just like any security control, it's important to understand your security risk profile before an appropriate security insurance policy can be defined. An assessment, such as a HIPAA Security Risk Analysis, should be the first step in any insurance policy strategy. Here's why: A) You'll have to do it anyway, B) The safest approach is to avoid a breach in the first place, C) Your risk profile will enable a better tailored policy.
With kids at home, online shopping has been more appealing to my wife and me than ever. However, last night we received the following email from Garnet Hill about a recent security incident. This highlights the trade-off between the convenience of online shopping and the security risk of planting your personal data at sites around the Internet. I called the 800 number on the notification but they were not able to provide any additional information, so I also sent an email to the address specified in the notification. I am interested to know if anyone can provide any insight as to whether this is related to the McDonald’s incident, or if this is something new. I am also interested to know specifically what “preferences” were compromised. Does anyone have any insight? Here’s the notification… [Update: I received a return call from the Garnet Hill marketing department within an hour of my call to them. They did not know specifically what preferences were compromised but were very friendly and promised to look into it… I’ll keep you posted. They were not willing to provide the name of the email marketing company that was compromised, but a little digging indicates it is likely Silverpop.]
Dear Valued Customer,
Additionally, we are cooperating with law enforcement officials who are currently investigating this incident. We apologize for any inconvenience to you, and have outlined a number of email precautions you can take to help ensure your privacy online.
Email scams, spam, and other attacks on email systems are on the rise, but, by taking certain precautions when receiving emails, you can continue to safely use email for your business and personal needs:
We take your privacy very seriously and will continue to work diligently to protect your information, whether held by us or by our service providers. Garnet Hill’s internal databases, which house all customer-provided data, were in no way compromised. Our email provider has taken significant steps to further protect the limited customer information held in its databases. If you have any questions or concerns regarding this incident, please contact us toll-free at 800-870-3513 or email us at [email protected].