ACA’s section 1557 requires Nondiscrimination Notices for Limited English Proficiency (LEP)

Beginning on October 17, 2016, covered entities under the Affordable Care Act (ACA) of 2010 will be required under section 1557 to post Notices of Nondiscrimination and Taglines which alert individuals with limited English proficiency (LEP) to the availability of language assistance services.

HHS OCR’s website has sample documents of a Notice of Nondiscrimination, Statement of Nondiscrimination and Taglines available for download in 64 languages and in two file formats at this link

To see the guideance from HHS on the top 15 languages spoken in your state, visit the this link.

Example:
screen-shot-2016-09-14-at-5-14-10-pm

Hutton Hotel PCI Breach 9/2/16

From http://www.huttonhotel.com/notice/CA/

What Happened

After being alerted to a potential security incident by our payment processor, we began an investigation of our payment card systems and engaged a leading cybersecurity firm to assist. Findings from the investigation show that unknown individuals were able to install a program on the payment processing system at the Hutton Hotel designed to capture payment card data as it was routed through the system.

What Information Was Involved

The program could have affected payment card data—including cardholder name, payment card account number, card expiration date, and verification code—of guests who used a payment card to pay for or place hotel reservations during the period from September 19, 2012 to April 16, 2015, or who made purchases at the onsite food and beverage outlets from September 19, 2012 to January 15, 2015 and from August 12, 2015 to June 10, 2016.

What You Can Do

It is always advisable to remain vigilant to the possibility of fraud by reviewing your payment card statements for any unauthorized activity. You should immediately report any unauthorized charges to your card issuer because payment card rules generally provide that cardholders are not responsible for unauthorized charges reported in a timely manner. The phone number to call is usually on the back of your payment card.

What We Are Doing

Hutton Hotel has implemented enhanced security measures, including the use of stand-alone payment processing devices, to prevent any further unauthorized access to payment card data. We also notified law enforcement and will continue to support their investigation. In addition, we are working closely with the payment card companies to identify potentially affected cards so that the card issuers can be made aware and initiate heightened monitoring on those accounts. For those guests that we can identify as having used their payment card during the at-risk window and for whom we have a mailing address or email address, we will be mailing a letter or sending an email to them.

For More Information

Hutton Hotel deeply regrets any inconvenience or concern this may have caused. If you have questions, please call 844-575-7462 between 8:00 a.m. and 8 p.m. Central time, Monday through Friday.

NorQuest College woes of alleged harassment in IT data theft

NorQuest College is in Edmonton, Alberta and Clarence Orleski was the manager of technology infrastructure until being terminated on December 4, 2012 by executives Shawn Terlson and John Smith.  Apparently, Orleski did not get along with Smith and on a September 20, 2012 morning of a planned meeting Smith received an email from Orleski stating:

"I've been wanting to touch base with you and get the name (and contact info) of the lady you introduced to me back in the late fall last year…

I forget her name, but she is the one that you and her thought no one was in the office at the time. I was going to interrupt the two of you, but I felt I might be intruding on something, so I just hung around for a while. 🙂

…I think her name was (woman's name)"

Orleski then went to the meeting and exclaimed he couldn't stand the sight of Smith and requested to work from home until his planned retirement of March 2013.  The request was denied and Orleski was given a disciplinary warning.

The next day, September 21, Orleski allegedly ran DBAN on his NorQuest work laptop to wipe his hard disk.  A few days later, Orleski was reprimanded by Smith for a $10,000 phone bill on his work phone and iPad while on vacation in Europe.  Smith told Orleski that he was not expected to be available (i.e. not to expect the college to pay the bill.)  Orleski then went on sick leave for two months until his firing.

January 21, 2013, NorQuest college then terminated Terlson.  Terlson then received an email:

"I guess what I'm trying to figure out is which one are you? 'Dumb' or 'Dumber'… Don't worry, Mr. pretty boy (Smith) won't be far behind you…

On February 19, 2013, dozens of executives and staff at NorQuest college received an email full of PDFs which started with:

"What you're about to read is correspondence of a sexual nature between myself (John Smith) and my little playful sweetie"

On March 1st, 2013, a court order was issued and Orleski's personal computer, iPad, phone, and other storage were confiscated by that afternoon.  A $2 million claim of damages was made by the college but a settlement was made in 2015 and the lawsuit ended in January 2016.  In the end, a privacy breach was uncovered of unrelated materials stored on the 2.4 gigabytes of 45,920 files in a folder on Orleski's computer including financial data, employee personnel information, and an employment contract of the college president. 

Breach of ? 47k Asiana Airlines passports & bank details

Asiana Airlines’ passengers had images of their scanned passports showing data as old as September 2014 from an exposure of its website which revealed attachments from customer query emails. The exposure appears to have been from the Frequently Asked Questions (FAQ) section of their website and files saved their since May 2015.
Immediately after the discovery, Asiana temporarily shut down its server for the FAQ section.
Korea Internet and Security Agency has launched an external investigation to look at the violation of Korea’s 2011 Personal Information Protection Act.
Other websites which may face the same investigative scrutiny that were built by Asiana are Air Busan and Air Seoul.

Passport of Asiana Air Customer
Passport of Asiana Air Customer

Easy Giving – Support the Cause

Just a reminder that shopping is a new and easy way to give to Information Security Pro. At infosecpro.causenetwork.com, over 1,000 stores donate up to 10% of every purchase back to us. It is just that easy, and it does NOT cost you any extra.

Please go to infosecpro.causenetwork.com now, add the site to your “favorites”, and remember us when you need to shop. We’re really humbled by your generosity, and the difference you’re making in the information security world. Thanks for being a supermember of the Information Security Pro community.

Thank you for your ongoing support.

download

Information Assurance & Cyber Security Research and Education, a 501(c)(3)