◆ Health care companies take much longer than nearly every other industry to identify and contain a data breach, a study from the Ponemon Institute and IBM shows. It takes a health care company around 350 days to identify and contain a breach, the study shows. That’s second only to the entertainment industry, which takes around 367 days to identify and contain a breach, according to researchers. Financial services organizations took 217 days to identify and contain a breach, the fewest out of the industries studied. Organizations with a proactive disaster recovery program can reduce the mean time to identify and contain the breach by more than 30%, and reduce the average daily cost of the data breach by more than half, according to the study. Learn more and access the study at https://ibm.co/2P3N8X7.
◆ The Centers for Medicare & Medicaid Services says a breach in a government computer system that operates alongside the HealthCare.gov health insurance exchange involved approximately 75,000 people (RPP 11/18, p. 12). A letter sent to breach victims in November said that the breach exposed the names, dates of birth, addresses, genders and the last four digits of Social Security numbers for minors whose parents or guardians applied for health insurance for them via the marketplace. Other information provided on the applications, including income, tax filing status, family relationships, whether applicants were citizens or immigrants, employers, and whether the applicant was pregnant, also might have been breached, the letter said. See information on the breach at https://bit.ly/1meDziz.