Why are hacked healthcare records so valuable? It’s because they can be combined with other information to create a complete identity kit. Make no mistake—in most cases the stolen health information is the foundation of a counterfeit identity. That is why health records are so valuable to criminal groups around the world. Stolen patient records often end up for sale on the deep web as part of information packages called “fullz” and “identity kits” that can be used by fraudsters to commit a wide variety of crimes.

In the wake of this week’s rollout by NACHA, The Electronic Payments Association, of same-day ACH payments in the U.S., fraud departments at originating and receiving banks should be bracing for the new risks posed by faster payments. Developing robust anti-fraud procedures is even more critical now, as same-day ACH is the first step toward the move to real-time payments over the course of the next two years.

Most bankers probably don’t give the webcam at the top of their computer or laptop a second thought. That needs to change. If you don’t believe me, believe FBI Director James Comey and Facebook CEO Mark Zuckerberg. They both cover theirs.

Phase 2 of the HIPAA audits is fully underway, and covered entities now can take a breath if they have not received a desk audit request. But we still are at the beginning of Phase 2, with more to come. One of the best ways to ensure that your HIPAA compliance is in order is to prepare as if an audit is imminent. Here are some steps that covered entities and business associates can take to further prepare:

A business associate has settled a direct enforcement action over allegations that it potentially violated HIPAA. We can expect future HIPAA enforcement actions against business associates.

What Happened? It all started with the theft of a smart phone.

Federal regulators are intensifying the spotlight on security risks posed to healthcare organizations and business associates by vulnerabilities in third-party applications.

On June 7 the HHS OCR stated, “Recently, it has been reported that third-party application software security vulnerabilities are on the rise. Many covered entities and business associates may think their computers and devices that utilize operating systems are secure because the covered entities and business associates are deploying operating-system updates, but many systems are still at risk from third-party software.”

Security researchers say there’s been a flood of new malware variants reaching the market and cybercriminals are eager to cash in on the profit potential afforded by ransomware. A new “ransomware” program dubbed Ranscam has been working its way around and is far more blunt than more sophisticated ransomware programs.

The current round of HHS audits have increased their scrutiny on healthcare providers’ Business Associates. This means that just having a BA agreement in place is not enough; healthcare organizations need to also look at the security controls in place for each of their BAs.

A new banking data management program VRMBuilder.com is available from Lincoln firm MetaLogic. This program is rolling out at two levels that will allow banks to organize and manage their data on a secure, user-friendly platform. The platform is offered at two tiers to fit the individual needs of community banks.

The regulatory compliance burden for banks and all other businesses in Nebraska that deal with personal information has just been increased. By changing the definition of personal information to include things like usernames, passwords, and security questions there is now more information that needs to be protected in order to avoid breaches and the hassles that accompany them.