
{"version":"1.0","provider_name":"OTAVA","provider_url":"https:\/\/www.otava.com","title":"PCI & HIPAA Data Breaches of 2012: Lessons Learned","type":"rich","width":600,"height":338,"html":"<blockquote class=\"wp-embedded-content\" data-secret=\"elH6o3fr45\"><a href=\"https:\/\/www.otava.com\/blog\/pci-hipaa-data-breaches-of-2012-lessons-learned\/\">PCI &#038; HIPAA Data Breaches of 2012: Lessons Learned<\/a><\/blockquote><iframe sandbox=\"allow-scripts\" security=\"restricted\" src=\"https:\/\/www.otava.com\/blog\/pci-hipaa-data-breaches-of-2012-lessons-learned\/embed\/#?secret=elH6o3fr45\" width=\"600\" height=\"338\" title=\"&#8220;PCI &#038; HIPAA Data Breaches of 2012: Lessons Learned&#8221; &#8212; OTAVA\" data-secret=\"elH6o3fr45\" frameborder=\"0\" marginwidth=\"0\" marginheight=\"0\" scrolling=\"no\" class=\"wp-embedded-content\"><\/iframe>","description":"Here\u2019s a review of the top 2012 data breaches within both the PCI and HIPAA compliant industries, and a quick analysis of what went wrong so you can easily learn from their lessons without accruing the associated costs and legalities. 3.8 Million Tax Records Stolen in Largest State Agency Attack Both Social Security and credit card numbers were stolen from the South Carolina Department of Revenue by hackers in August. A phishing email enabled hackers to steal credentials from users and eventually steal 74 GB of encrypted and unencrypted data. Lessons learned: Encryption is a requirement for all organizations (including federal) that store credit card data and therefore need to meet PCI DSS compliance standards. One step ahead of encryption is administrative security, including training staff on security issues, which can prevent users from clicking on phishing emails and allowing the initial breach to occur. Check with any third-parties to ensure their staff is also properly trained. Server Hack Leads to HIPAA Violation by Utah Department of Health In April, 780,000 individuals were affected in a server hack at the authentication level that allowed hackers to access and steal SSNs and personal health records from the Utah Department of Health....","thumbnail_url":"https:\/\/www.otava.com\/wp-content\/uploads\/2019\/04\/hipaa-white-paper.gif"}