Banks: Credit Card Breach at Staples Stores

Posted on KrebsonSecurity, October 14, 2014

Multiple banks say they have identified a pattern of credit and debit card fraud suggesting that several Staples Inc. office supply locations in the Northeastern United States are currently dealing with a data breach. Staples says it is investigating “a potential issue” and has contacted law enforcement.

According to more than a half-dozen sources at banks operating on the East Coast, it appears likely that fraudsters have succeeded in stealing customer card data from some subset of Staples locations, including seven Staples stores in Pennsylvania, at least three in New York City, and another in New Jersey.

Framingham, Mass.-based Staples has more than 1,800 stores nationwide, but so far the banks contacted by this reporter have traced a pattern of fraudulent transactions on a group of cards that had all previously been used at a small number of Staples locations in the Northeast. <READ MORE>

Ensuring the Security of Your Company’s Data

From: Intuit QuickBooks, by Andrea Hayden on July 20, 2014

This was posted to our site back in August. Since that time a very nasty ransomware, CryptoWall 2.0, has surfaced. If you get hit, plan on spending at least $500.00 just to get your data back.

This article provides you with some guidelines and is worth your time to give it a look. Thanks for visiting our site – Randy Centrella <READ MORE>

Coalition presses HHS for MU fix

From: Healthcare IT News, by Bernie Monegain, October 15, 2014

Coalition urges focus on interoperability, reporting relief, revamping EHR certification.

A coalition of healthcare associations today called on HHS Secretary to revamp the meaningful use program.  “Without changes to the MU program and a new emphasis for interoperable EHRs/EMRs systems and HIT infrastructure, we believe that the opportunity to leverage these technologies will not be realized,” the organizations wrote.

The letter is signed by the American Academy of Family Physicians, American Medical Association, Medical Group Management Association, National Rural Health Association, Memorial Healthcare System, Mountain States Health Alliance, Premier healthcare alliance and Summa Health System.

The AMA also wrote a separate letter to CMS and ONC, pushing a similar agenda and offering a detailed “blueprint.”  The coalition letter to Burwell references the recent final rule that provided some flexibility in cases where certified EHRs were not available. <READ MORE>

Nearly 7 Million Dropbox Account Passwords Allegedly Hacked

From: The Hacker News, October 14, 2014

Internet users have faced a number of major privacy breaches in the last two months. Major on the list are The Fappening and The Snappening, and now the latest privacy breach, in Dropbox security, has gained everybody’s attention across the world. Dropbox, the popular online locker service, appears to have been hacked by an unnamed hacker group. It is still unclear how the account details of so many users were accessed and, indeed, if they are actually legitimate or not. However, the group claims to have accessed details from nearly 7 million individual accounts and is threatening to release users’ photos, videos and other files.

A thread surfaced on Reddit today that includes links to files containing hundreds of usernames and passwords for Dropbox accounts in plain text. Also, a series of posts with hundreds of alleged usernames and passwords for Dropbox accounts has been made to Pastebin, an anonymous information-sharing site. <READ MORE>

4 Strategies for Dealing With Lazy Employees

From: Intuit QuickBooks, by Rebecca Lake on September 17, 2014

Employees who don’t pull their weight cause business owners a lot of frustration. Even worse, when their performance is consistently poor, it has the potential to impact your company’s profitability. The latest State of the American Workplace Report estimates that disengaged workers cost the U.S. between $450 and $550 billion in lost productivity each year. If you’ve invested a significant amount of time and effort in training your staff, it may be worth it to try to re-energize a team member who’s gone off-course. Take a look at these four tips for helping slacker employees get their mojo back. <READ MORE>

The best relationships are built offline

From: Inside Counsel, By Mike Evers, October 7, 2014

Mike Evers of Evers Legal helps put social media into context

I was in Louisville, Kentucky, on September 26 to participate on a panel discussion of social media use for networking and career development. My thanks to the ACC/Kentucky chapter for the invitation.

I mainly added to the LinkedIn tips I wrote about here earlier this year. Fellow panelists Sonya Som of Major Lindsey & Africa and Monica Zent of Foxwordy offered terrific insights for using online tools to offer value, build a personal brand and earn introductions. As a side benefit to this engagement, I was excited to improve my own use of social media when I got back home. But getting back home turned out to be the best networking and relationship lesson worth sharing.

Several participants, including yours truly, fell victim to the arson fire in a control tower in Aurora, Illinois, that shut down air traffic into Chicago and left us stranded in Louisville. But the general counsels from an earlier panel are not the types who just hang around waiting for a solution. One rented a car right away and headed home. Another invited me to join a lovely, unexpected dinner in Louisville that night, and a few of us car-pooled home the next morning. They turned lemons into lemonade, and we had a fun road trip. I’ll leave out the names, as we really did not talk shop, and I view the experience as private.

And that’s the point. Getting to actually know people offline is exponentially more fun and effective versus online interactions. That is how relationships take off and initial trust is built. And candidly, offline contact is when people decide if they want to help or perhaps even hire you — either as an employee or an outside service provider. Hey, I am not everyone’s cup of tea. Maybe this specific experience will pay business related dividends, maybe not. The larger point: It inspired me to focus on the highest priority. Instead of working on my online networking when I got home, I started scheduling in-person meetings, lunches, etc. Improving my online presence comes second to that. <READ MORE>

Employee Happiness: Why It Matters

From: Intuit QuickBooks, by Rebecca Lake on September 2, 2014

When you’re trying to grow a business, keeping your customers happy is sure to be high on your list of priorities. While it’s certainly important to take an interest in who’s buying your products or services, you don’t want to overlook the people who are driving your company’s success from the inside. Making sure your employees are content in their jobs is vital for staving off burnout and it can also make a positive impact on your bottom line.

Linking Job Satisfaction and Performance

Companies like Google and Facebook routinely make headlines for their innovative approach to employee perks, with workers enjoying benefits ranging from free meals and on-site gyms to thousands of dollars in tuition reimbursement. The reasoning is simple: The happier workers are, the more productive they’re likely to be. When you consider the billions of dollars these companies pull in each year, it’s hard to argue with that kind of logic.

The connection between happiness and productivity has become a hot topic for researchers in recent years. A 2010 study from The Wharton School of the University of Pennsylvania found that higher levels of job satisfaction equated to better market returns for companies. More recently, a group of researchers from the UK’s University of Warwick found that increased happiness levels can boost productivity by as much as 12 percent [pdf]. The study, published in the Journal of Labor Economics, specifically cites Google as a prime example of how making the effort to keep workers happy pays off in terms of efficiency and overall work quality. <READ MORE>

CMS allows for more hardship exceptions

From: Healthcare IT News, by Mike Miliard, Managing Editor, 10/7/14

New Application Due Date – November 30, 2014

The Centers for Medicare & Medicaid Services will reopen the submission period for meaningful use hardship exception applications.

The new due date for hospitals and physicians hoping to avoid 2015 Medicare payment adjustments is Nov. 30, 2014.

Previously, the deadlines for hardship exemption applications for those eligible hospitals and eligible professionals unable to demonstrate meaningful use of certified electronic health record technology were April 1 and July 1, respectively.

Some 44,000 providers applied for hardship exceptions before those deadlines, hoping to duck a 1 percent reduction in Medicare Part B claims in 2015, CMS reported on Sept. 29. It didn’t say how many of those applications were approved.

The American Recovery and Reinvestment Act allows for HHS to “consider, on a case-by-case basis, hardship exceptions for eligible hospitals, critical access hospitals and eligible professionals to avoid the payment adjustments,” according to CMS.

This new application (PDF) submission period is meant for: <READ MORE>

In the Trenches: Answering the Phone

From: Intuit QuickBooks, by Brett Snyder on September 17, 2014

Maybe it’s just the way my generation works, but I generally feel more comfortable doing business online than I do over the phone. With that bias, I assumed that we’d do most of our business online at Cranky Concierge as well. I even designed the business to function better that way, but I’ve come to realize that was wrong. We’ve been working to fix this problem.

When I launched the business, I of course acquired a toll-free number along with a local number for those outside the U.S. However, I put more effort into creating the website and handling transactions and interactions online and via email. I figured people would prefer it that way, just as we did.

Once the business started, I didn’t worry all that much about incoming phone calls. If I expected a call (usually to give us credit card or other sensitive data), then I’d answer. But otherwise, for general inquiries, I’d let it go to voice mail and then just call someone back if needed. (If a client called while traveling, the concierge would always answer the phone unless busy. <READ MORE>

The Secret to Secure Data in the Cloud? Know What You’re Up Against

From: Law Technology Today, Posted by: Ajay Patel September 30, 2014

The issues of data security and sovereignty have become hot topics in recent years as increasing amounts of sensitive, confidential and personal information is stored in the cloud. With these concerns have come revisions to laws in many countries and jurisdictions to keep up with the changing landscape of data privacy.

The trickiest thing to legislate is managing the exchange of information across borders, simultaneously allowing the transfer of data while maintaining the maximum level of security. This requires multi-national agreements in an attempt to get different countries with different laws to comply with a unilateral level of data protection.

However, this can mean that data is not always as well protected as we think. For instance, the Safe Harbour agreement sidesteps legal obstacles to transmitting personal information between the European Union and the United States by setting out “the adequate level of protection for the transfer of data from the [EU] to the United States [that] should be attained if organisations comply with the Safe Harbour privacy principles for the protection of personal data transferred from a [EU] Member State to the United States.” This is separate from the privacy policies of the EU and the US, requiring only adherence to the Safe Harbour privacy principles of notice, choice, onward transfer, security, data integrity, access and enforcement. <READ MORE>