- Privacy Rights Clearinghouse
Research the Privacy Rights Clearinghouse and report on three cases of data breaches. Reports should identify root causes of the breaches and potential risks that were exposed.
Source (article provided in the screenshots attached):
Journal of Accountancy
Check on data breaches at the Privacy Rights Clearinghouse
By J. Carlton Collins, CPA
September 1, 2019

A not-for-profit organization called the Privacy Rights Clearinghouse has been collecting and reporting personal data breaches since 2005. You can access these data breach records at privacyrights.org/data-breaches and search the database by year, company, type of organization, and type of breach. The organization reports, as of June 2019, a total of 8,804 breaches in the United States affecting more than 11.5 billion personal identification records; in other words, we've all likely had our personal information stolen multiple times.

A snapshot of the most current data breaches under investigation as of May 21, 2019, shows how the data is reported (pictured below, but I've excluded the company names). In this example, we can see that these 18 data breaches occurred across 13 states (California, Connecticut, Delaware, Florida, Illinois, Indiana, Kentucky, Massachusetts, Minnesota, New York, Oregon, Texas, and Washington), affecting 286,487 data records. These breaches occurred as a result of hacking, theft, loss of computer, unauthorized access, improper disclosures, and various hacking and phishing events targeting laptops, portable devices, emails, desktop computers, network servers, and other devices.
Breach Report Results

| State | Covered Entity Type | Individuals Affected | Breach Submission Date | Type of Breach | Location of Breached Information |
|---|---|---|---|---|---|
| CT | Healthcare Provider | 3578 | 05/09/2019 | Theft | Laptop, Other Portable Electronic Device, Paper/Films |
| WA | Healthcare Provider | 1893 | 05/08/2019 | Loss | Paper/Films |
| NY | Health Plan | 7605 | 05/08/2019 | Unauthorized Access/Disclosure | Email |
| KY | Healthcare Provider | 2000 | 05/06/2019 | Unauthorized Access/Disclosure | Laptop |
| IN | Healthcare Provider | 3600 | 05/06/2019 | Hacking/IT Incident | Email |
| TX | Healthcare Provider | 4300 | 05/06/2019 | Hacking/IT Incident | Email |
| MN | Healthcare Provider | 10993 | 05/06/2019 | Hacking/IT Incident | Email, Network Server |
| CA | Business Associate | 662 | 05/03/2019 | Hacking/IT Incident | Email |
| TX | Business Associate | 1228 | 05/03/2019 | Unauthorized Access/Disclosure | Email |
|  | Healthcare Provider | 4246 | 05/02/2019 | Theft | Desktop Computer |
| CT | Healthcare Provider | 25148 | 05/01/2019 | Hacking/IT Incident | Network Server |
| TX | Healthcare Provider | 930 | 04/30/2019 | Unauthorized Access/Disclosure | Other |
| FL | Health Plan | 757 | 04/29/2019 | Unauthorized Access/Disclosure | Other |
| OR | Healthcare Provider | 3048 | 04/26/2019 | Hacking/IT Incident | Email |
| DE | Healthcare Provider | 8591 | 04/26/2019 | Hacking/IT Incident | Email |
| IL | Health Plan | 676 | 04/24/2019 | Unauthorized Access/Disclosure | Other Portable Electronic Device |
| MA | Business Associate | 206695 | 04/22/2019 | Hacking/IT Incident | Network Server |
| NY | Healthcare Provider | 537 | 04/22/2019 | Hacking/IT Incident | Network Server |

Each data breach record contains detailed descriptions of the breach. For example, the screenshot below highlights a data breach in which a laptop was stolen from an employee's parked vehicle.

State: WA
Covered Entity Type: Healthcare Provider
Individuals Affected: 2300
Breach Submission Date: 10/11/2018
Type of Breach: Theft
Location of Breached Information: Laptop
Business Associate Present: No
Web Description: On June 26, 2018, a case manager's laptop computer and housing participant rent information was stolen from her parked vehicle. The computer did not contain electronic protected health information (ePHI), but potentially provided access to the covered entity's (CE's) electronic medical records which contained approximately 2,531 individuals' ePHI. The ePHI potentially affected by the breach included names, social security numbers, addresses, driver's license numbers, dates of birth, diagnoses, lab results and medications. In response to the breach incident, the CE sanctioned its workforce member. Following OCR's investigation, the CE provided breach notification to the affected individuals and the media, updated its policies and procedures, and retrained its workforce.
While hacking and theft were involved in many of these data breaches, many other data breaches occurred as a result of employee mistakes. For example, in some cases employees sent emails where all email addresses were visible to all recipients (i.e., they did not use the blind copy field to list email addresses). In other cases, employees sent emails containing sensitive information to the wrong recipients. In one case, an employee improperly allowed her husband to access her computer records to assist her with her work. In other cases, employees threw away trash containing sensitive information without properly shredding the paper-based data. Any CPA concerned with information security may want to spend a few minutes looking through some of the data breach explanations to better understand the types of breaches that are occurring today.

About the author
J. Carlton Collins, CPA, ([email protected]) is a technology consultant, a conference presenter, and a JofA contributing editor.
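
As a starting point for the root-cause report the question asks for, the following added example (not part of the original article) tallies the 18 snapshot rows by breach type and by location of the breached information, showing where the exposed records concentrate. The rows are transcribed from the table on this page; the state of the 4,246-record row is not legible there and is left empty, and the function name `summarize` is an assumption of this example.

```python
from collections import defaultdict

# Rows transcribed from the May 21, 2019 snapshot on this page:
# (state, individuals affected, type of breach, location); "" = state not legible.
ROWS = [
    ("CT", 3578, "Theft", "Laptop, Other Portable Electronic Device, Paper/Films"),
    ("WA", 1893, "Loss", "Paper/Films"),
    ("NY", 7605, "Unauthorized Access/Disclosure", "Email"),
    ("KY", 2000, "Unauthorized Access/Disclosure", "Laptop"),
    ("IN", 3600, "Hacking/IT Incident", "Email"),
    ("TX", 4300, "Hacking/IT Incident", "Email"),
    ("MN", 10993, "Hacking/IT Incident", "Email, Network Server"),
    ("CA", 662, "Hacking/IT Incident", "Email"),
    ("TX", 1228, "Unauthorized Access/Disclosure", "Email"),
    ("", 4246, "Theft", "Desktop Computer"),
    ("CT", 25148, "Hacking/IT Incident", "Network Server"),
    ("TX", 930, "Unauthorized Access/Disclosure", "Other"),
    ("FL", 757, "Unauthorized Access/Disclosure", "Other"),
    ("OR", 3048, "Hacking/IT Incident", "Email"),
    ("DE", 8591, "Hacking/IT Incident", "Email"),
    ("IL", 676, "Unauthorized Access/Disclosure", "Other Portable Electronic Device"),
    ("MA", 206695, "Hacking/IT Incident", "Network Server"),
    ("NY", 537, "Hacking/IT Incident", "Network Server"),
]

def summarize(rows):
    """Tally incidents and exposed records per breach type and per location."""
    by_type = defaultdict(lambda: [0, 0])  # type -> [incidents, records]
    by_location = defaultdict(int)         # location -> incidents
    for _state, affected, btype, locations in rows:
        by_type[btype][0] += 1
        by_type[btype][1] += affected
        for loc in locations.split(", "):  # one record may list several locations
            by_location[loc] += 1
    return {
        "incidents": len(rows),
        "records": sum(r[1] for r in rows),
        "states": sorted({r[0] for r in rows if r[0]}),
        "by_type": {k: tuple(v) for k, v in by_type.items()},
        "by_location": dict(by_location),
    }

if __name__ == "__main__":
    s = summarize(ROWS)
    print(s["incidents"], "breaches,", len(s["states"]), "states,", s["records"], "records")
    for btype, (n, recs) in sorted(s["by_type"].items(), key=lambda kv: -kv[1][1]):
        print(f"{btype:32} {n:2} incidents {recs:7} records {recs / s['records']:.1%}")
```

The totals reproduce the article's figures (18 breaches, 13 states, 286,487 records), and the breakdown shows that a single network-server hacking incident accounts for most of the exposed records, while email is the most frequently listed location.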
- answerhappygod