Information Security & Data Breach Report November 2012 Update
The impact of data breaches continues to be discussed in boardrooms across America as well as Capitol Hill. In September, Senator John D. Rockefeller IV (D., W.Va.) sent a letter to all Fortune 500 CEOs asking them a series of questions about data protection and cybersecurity. Senator Rockefeller's actions demonstrate increased concern even though the US Securities and Exchange Commission (SEC) issued guidelines in October 2011 for companies to disclose the risk of cyber incidents within their financial statements. With companies' brands at stake, executives are taking a more active approach to managing data breach risks and developing response plans to protect the organization in the event a breach occurs.

We are pleased to release the November 2012 update of Navigant's Information Security and Data Breach Report. This report is designed to keep the legal community and corporate executives apprised of data breach activity, spotlight notable breaches, and identify trends and other major changes taking place in the information security arena. The goal of this publication is to answer the following principal questions:

1. What is the total number of breaches per quarter?
2. What types of entities are experiencing breaches?
3. What is the average number of days between discovery and disclosure of a data breach?
4. What types of data are being compromised?
5. What is the average number of records per breach?
6. What are the leading causes of data breaches?
7. What is the average total cost of a data breach?

Methodology Used For Identifying Data Breaches

We have captured all major data breaches disclosed publicly during the second and third quarters of 2012 (April 1, 2012 - September 30, 2012). We evaluated multiple sources to compile a list of breaches that took place in the United States involving a minimum of 1,000 exposed or potentially exposed records.[1] The incidents identified in this report involve breaches in which physical and electronic records were hacked, lost, stolen, or improperly exposed or discarded.

1. What is the total number of breaches per quarter?

Navigant identified 49 major data breaches in Q3 compared to 60 in the previous quarter, representing an 18% decrease between reporting periods. The total number of individual records breached in Q3 was 2,258,839 records, whereas 4,406,641 records were breached in Q2, a 49% decrease quarter to quarter. The top ten breaches in Q3 were split between Corporate, Government and Healthcare. Corporate entities had the top three largest breaches representing over 1.2 million records.

DATA BREACH DASHBOARD

- Healthcare entities again accounted for the largest percentage of the data breaches identified in either quarter (Q3: 49% vs. Q2: 40%).[2]
- The number of days between discovery and disclosure for Education entities increased from 31 days in Q2 to 36 days in Q3.
- Services companies were the most commonly breached Corporate entities in both quarters (Q2: 45% vs. Q3: 40%).
- The average number of records per breach decreased 37% from quarter to quarter (Q2: 73,444 vs. Q3: 46,099).
- There was a 49% decrease in the total number of records breached from quarter to quarter (Q2: 4.41 million records vs. Q3: 2.26 million records).

One of the largest data breaches identified in Q3 involved a well-known internet search engine. The California-based firm had more than 453,000 accounts breached by hackers. The hackers stole login credentials and passwords using an SQL injection attack. The plain text login credentials and cracked passwords were posted on several hacking sites. The specific content was part of a self-publishing service that had registered users. A group of hackers calling themselves D33Ds Company penetrated the company network through a development server and extracted the account information from this source. The hackers injected database commands into user input fields to trick the servers into releasing the login credentials and passwords. It is unclear if any other personal information was hacked as part of this breach. In response, the company stated it has fixed the vulnerability and has reached out to notify affected users that their access might have been compromised. Following the breach, a federal lawsuit was filed alleging the company failed to employ basic security measures to protect user information.

2. What types of entities are experiencing breaches?

For purposes of this report, the types of organizations that experienced a data breach are divided into five main categories: Healthcare, Corporate, Education, Government and Other.[3] These designations provide an overview of the entities that experienced a physical or electronic records breach. Across both quarters, Healthcare entities had the largest percentage of breaches identified. In Q3, Healthcare entities accounted for 49% of all breaches identified, followed by Corporate (21%), Education (14%), Government (10%), and Other (6%) (See Figure 1). In Q2, Healthcare entities experienced 40% of the data breaches identified, followed by Education (22%), Government (20%), Corporate (15%) and Other (3%) (See Figure 2).
FIGURE 1: Q3 2012 Breaches by Type of Entity: Healthcare 49%, Corporate 21%, Education 14%, Government 10%, Other 6%

FIGURE 2: Q2 2012 Breaches by Type of Entity: Healthcare 40%, Education 22%, Government 20%, Corporate 15%, Other 3%

As part of Navigant's analysis, we further parsed the Corporate entities to get a better sense of the type of corporations experiencing a data breach. The types of Corporate entities most frequently experiencing a data breach in Q3 and Q2 are shown below.

Q3 2012: Services (40%); Retail & Wholesale Trade (40%); Manufacturing (10%); Insurance & Finance (10%)
Q2 2012: Services (45%); Insurance & Finance (33%); Retail & Wholesale Trade (11%); Transportation, Utilities & Public Services (11%)

An interesting item to note is that Manufacturing and Services had the largest average records per breach in Q3, whereas Retail & Wholesale Trade and Services had the largest average records per breach in Q2. Across both quarters, 79% of the Corporate entities were private firms while 21% were publicly traded.

A notable corporate data breach occurred at a social networking site in early July. The question and answer site had its security breached, resulting in 420,000 passwords being accessed. The passwords were posted to a security forum, but user names or identifying information were not revealed. Once alerted to the breach, the company found a live development server was hacked and used to take information from a production database. Following the breach, the company upgraded its password security and asked its 28 million registered users to reset their passwords due to the data breach.

3. What is the average number of days between discovery and disclosure of a data breach?

Data security regulations and the increasing danger of identity theft have elevated the importance of a timely response and disclosure after the discovery of a data breach.
Discovery takes place when either electronic or physical records are confirmed to be lost or stolen, or data is otherwise identified as compromised. Disclosure can be made through notification to those affected by the data breach and to a regulatory agency, and in certain situations, news of the breach can be disclosed by the media through publications, websites or blogs.

Forty-six states and several U.S. territories including Guam, the Virgin Islands and Puerto Rico have enacted data breach reporting requirements for different types of data. Generally, a company is required to conduct a reasonable investigation regarding the incident. Many states have established specific timelines for notification. States such as Texas and Connecticut have recently passed legislation strengthening data breach notification rules. In Texas, businesses must provide notice to both residents and non-residents when a data breach occurs except where the non-resident lives in a state that does not require data breach notification. Those states include Alabama, Kentucky, New Mexico and South Dakota. In the case of Connecticut, the state added a requirement that the Attorney General must also be notified at the same time as residents when a data breach has occurred.

The increasing regulatory oversight regarding the disclosure of a data breach has prompted Navigant to track this metric using public sources, news and government websites. The average number of days between discovery and disclosure for all breaches was 57 days in Q3 compared to 60 days in Q2. We also track the average number of days between discovery and disclosure by type of entity (See Figure 3). The time between discovery and disclosure for Corporate entities experiencing a breach decreased 27% from quarter to quarter (Q2: 56 days vs. Q3: 41 days).
FIGURE 3: Average Number of Days Between Discovery and Disclosure by Type of Entity (Q2 2012 vs. Q3 2012; Corporate, Education, Government, Other, Healthcare)

Healthcare entities registered a 15% decrease between discovery and disclosure, from 84 days in Q2 to 71 days in Q3. Government entities, on the other hand, had an increase in the time between discovery and disclosure from 45 days in Q2 to 53 days in Q3. The number of days between discovery and disclosure for Education entities increased from 31 days in Q2 to 36 days in Q3.

The significant increase in the time between discovery and disclosure for Government entities can be attributed to one specific breach that took place in Indiana. A support services company which specializes in arranging services for health care providers in the areas of child welfare, juvenile justice and special education systems experienced a data breach around May 10. After the company discovered that its website and computer network were hacked, they secured the network and conducted an investigation using a forensic IT expert. The expert identified that a database containing the health records of 1,945 individuals had been copied and downloaded. These records contained information including Social Security numbers (SSNs), demographic information and health information for clients, family members and providers. The company began to notify those affected in early August. Based on a review of public documents, there is no indication that credit monitoring was offered to those affected by this incident.

Currently, both federal and state authorities require that entities holding protected health information must disclose that a data breach has occurred. The Department of Health & Human Services (DHHS) issued data breach regulations in August. At the same time, similar breach notification regulations were issued by the Federal Trade Commission (FTC).
As part of directives under the Health Information Technology for Economic and Clinical Health (HITECH) Act, both DHHS and FTC require HIPAA-covered entities to provide notification following a breach of unsecured protected health information no later than 60 days after the incident.[4] From public sources, our analysis shows the average number of days between discovery and disclosure for medical records was 88 days in Q2 compared to 78 days in Q3, representing an 11% decrease from the previous quarter.

4. What types of data are being compromised?

The types of data being compromised range from personally identifiable information (PII), such as dates of birth (DOBs), names or SSNs, to financial information, such as bank accounts or credit card numbers. We identified several categories of data commonly at risk in data breaches (See Figure 4) including: Name, Contact Information, SSN, DOB, Medical, Credit Card, , Financial and Miscellaneous. Many of the incidents identified in this report have multiple types of data that were breached. The number of breaches involving some of the most sensitive data, including SSNs, DOBs or medical information varied across both quarters. Breaches involving SSNs (Q2: 57% vs. Q3: 55%) and DOBs (Q2: 45% vs. Q3: 35%) decreased from quarter to quarter.

FIGURE 4: Breaches by Type of Information (Q2 2012 vs. Q3 2012; Name, Credit Card, Contact, Financial, SSN, DOB, Misc., Medical)

A breach that involved PII and other patient data involved one of the largest home health services providers in the country. The breach occurred in June 2012 when an employee's laptop was stolen from a locked vehicle in Phoenix, Arizona. The laptop contained billing information for patients across several western states, including California, Arizona and Nevada. The company stated 11,000 patients were affected. The file contained information including SSNs, names, DOBs and other personal health information. In response to this breach, the company notified both federal and state agencies and undertook an internal investigation. The company also provided credit monitoring services for one year to those affected. After the incident, the company strengthened its patient security program by encrypting employee laptops and implementing other internal controls.

5. What is the average number of records per breach?

We have calculated the average number of records per breach by type of entity (See Figure 5). This analysis revealed that the average number of records per breach was 37% lower in Q3 than in Q2 (Q2: 73,444 vs. Q3: 46,099). Corporate entities saw the largest change from 45,776 records in Q2 to 133,689 records in Q3, a 192% increase from quarter to quarter. The average number of records per breach decreased 59% from Q2 to Q3 for Government entities (Q2: 190,176 vs. Q3: 78,419). Healthcare entities experienced a decrease in the average number of records per breach from 20,265 records in Q2 to 13,822 records in Q3. The average number of records per breach for Education entities was 91,092 in Q2 versus 13,286 in Q3, a decrease of 85%. Other entities averaged 21,000 records in Q2 and 35,043 records in Q3, a 67% increase quarter to quarter.

FIGURE 5: Average Records per Breach by Type of Entity (Q2 2012 vs. Q3 2012; Corporate, Education, Government, Other, Healthcare)

6. What are the leading causes of data breaches?

The different causes of a data breach are summarized into seven major categories. These categories are Virus, Hacking, Loss, Theft, Public Access/Distribution, Unauthorized Access/Use, and Improper Disposal.[5] In Q3 (See Figure 6), the most common methods used to breach data were:

- Theft (43%)
- Hacking (27%)
- Public Access/Distribution (12%)
- Loss (10%)
- Unauthorized Access/Use (4%)
- Virus (2%)
- Unknown (2%)

FIGURE 6: Q3 2012 Breaches by Type of Method: Theft 43%, Hacking 27%, Public Access/Distribution 12%, Loss 10%, Unauthorized Access/Use 4%, Virus 2%, Unknown 2%

Q2 (See Figure 7) had a similar break-out. Theft was again the most common type of breach (32%) followed by Public Access/Distribution (20%), Hacking (18%), Unauthorized Access/Use (15%), Loss (9%), Improper Disposal (3%) and Virus (3%).

Looking at the data by method of breach and type of entity, we identified some interesting statistics.

- 35% of all breaches in Q2 involved Public Access/Distribution and Unauthorized Access/Use while only 16% involved these two methods in Q3.
- When looking at the data across both quarters, 66% of data breaches involving Public Access/Distribution took place at Education or Government entities.
- 73% of data breaches involving Theft across both quarters took place at Healthcare entities.
- The data of Healthcare entities was most often breached by Hacking or Loss.
FIGURE 7: Q2 2012 Breaches by Type of Method: Theft 32%, Public Access/Distribution 20%, Hacking 18%, Unauthorized Access/Use 15%, Loss 9%, Improper Disposal 3%, Virus 3%

Navigant also tracked the format of breached records. We divided the types of records into three categories: physical, electronic and a combination of both. Electronic records may be accessed via CD-ROM, laptop, thumb drive, other media devices, , website or server. In Q3, 84% of the records compromised were electronic, while 12% were physical records, 2% were classified as a combination of both types and 2% were unknown. In Q2, 88% of the records compromised were electronic while 9% were physical records. 3% of the records breached in Q2 were classified as unknown.

One of the largest radiation oncology physician practices experienced a data breach when an employee's bag was stolen. The employee's bag contained back-up media from the company's servers that contained information on 55,000 patients, including names, addresses, DOBs, SSNs, medical record numbers, insurance and clinical information. The theft was reported to authorities and the company took steps to investigate and recover the information. The company also informed patients and employees of the breach. In response to this incident, the physician practice began to encrypt mobile storage devices, upgraded its data storage equipment and revised policies and procedures regarding data production. Based on a review of news articles, there is no indication that credit monitoring was offered to those affected by this incident.

7. What is the average total cost of a data breach?

One of the most critical questions being asked relates to the total cost of a data breach for the entities involved. One of the foremost studies on this issue is published by the Ponemon Institute.[6] The most recent information released provides some statistics on the total costs of a data breach.
These costs could include detection, discovery, notification, potential legal costs, ex-post costs, loss of customers, and/or brand damage but will vary with each specific breach. For purposes of this quarterly report, Navigant calculated the average total cost of a data breach by type of entity and type of breach. The average total cost of a data breach in Q2 was $14,248,139. The average total cost in Q3 was $8,943,158, a 37% decrease. Some notable results from the analysis of total cost of a data breach by entity were (see Figure 8):

- In Q3, Corporate ($25,935,666) and Government ($15,213,286) entities were above the average total cost of $8,943,158. Education, Healthcare, and Other entities were below the average total cost of a data breach by 71%, 70%, and 24% respectively.
- In Q2, Corporate ($8,880,544), Healthcare ($3,931,329) and Other ($4,074,000) entities were below the average total cost of $14,248,139. Education entities were just above the average total cost, while Government entities were more than double the overall average.

A city in the Northeastern United States discovered a data breach in late May 2012 following the theft of a city employee's unencrypted laptop from a local library. The laptop was used to input data pertaining to a Rent Rebate Program instituted by the city to help elderly and low income families. The laptop contained personal information on 21,000 participants in the program, including names, addresses, SSNs and DOBs. Using the Ponemon Institute study estimates, the total cost of this data breach might be as high as $4.1 million. The city reported the theft to local police and launched an investigation. Following the investigation, the city notified those affected by the breach and offered call center support and credit monitoring services for two years. The city is also reviewing its data security policies and procedures in response to the incident.
The average total cost of a data breach varied widely by type of entity between quarters. Corporate entities had the largest increase from Q2 to Q3. The average total cost of a data breach increased from $8,880,544 to $25,935,666 million, a 192% increase. Education, Healthcare and Government entities showed decreases in the average total cost of a data breach from quarter to quarter. Education entities decreased from $17,671,773 to $2,577,429. Healthcare entities decreased from $3,931,329 to $2,681,425. Government entities also showed a decrease in the average total cost of a data breach by 59% from quarter to quarter (Q2: $36,894,209 vs. Q3: $15,213,286). Other entities' average total cost of a data breach increased 67% from quarter to quarter (Q2: $4,074,000 vs. Q3: $6,798,277).

FIGURE 8: Average Total Cost by Type of Entity

Navigant also calculated the average total cost of a data breach by method of breach (See Figure 9). Unauthorized Access/Use (Q2: $3,948,848 vs. Q3: $8,327,062) showed the most significant increase from quarter to quarter. Loss saw the largest decrease from quarter to quarter, a 99% reduction (Q2: $40,607,886 vs. Q3: $532,646). The other top categories included Virus and Theft, which both showed decreases from quarter to quarter. The methods of breach that cost the most when combining quarters were Hacking, Loss and Public Access/Distribution. In Q3, Hacking ($23,658,135) was the most expensive type of breach, followed by Unauthorized Access/Use ($8,327,062) and Public Access/Distribution ($8,005,572). In Q2, Loss ($40,607,886) was the most expensive type of breach, followed by Hacking ($32,769,281) and Public Access/Distribution ($11,138,833).

FIGURE 9: Average Total Cost by Type of Breach (Q2 2012 vs. Q3 2012)
Hacking: $32,769,281 vs. $23,568,135
Improper Disposal: $582,000 (Q2 only)
Loss: $40,607,886 vs. $532,646
Unauthorized Access/Use: $3,948,848 vs. $8,327,062
Public Access/Distribution: $11,138,833 vs. $8,005,572
Unknown: $220,578 (Q3 only)
Virus: $9,157,964 vs. $1,513,200
Theft: $5,405,330 vs. $2,987,831
SPOTLIGHT ON NOTABLE INFORMATION SECURITY INCIDENTS

Company/Organization: BlueToad
Industry: Internet
Record Type: Electronic
Breach Method: Hacking
Type of Media: N.A.
Size of Breach: 12 Million Records
Type of Data Breached: Names, Addresses

BlueToad, an application developer for Apple, suffered a hack that potentially breached millions of records. The company works with publishers such as Variety and the Christian Science Monitor to translate content onto phones or digital devices. In early September 2012, the company was hacked by Antisec, who claimed they had obtained 12 million UDID or unique device identifiers. These device identifiers, a 40 character string, are unique to the phones or tablets manufactured by Apple. Like many app developers, BlueToad stores the UDIDs so it can track app usage and develop statistics. The hackers released one million identifiers and claimed that some records had additional identifying information such as names, cell phone numbers and addresses. Once the breach was discovered, the company immediately alerted the Federal Bureau of Investigation (FBI) and Apple. The company has since fixed the vulnerability and engaged an independent security assurance firm to assist with its investigation and remediation of its security.

[1] For purposes of this study eharmony, LinkedIn, the Texas Attorney General SSN Breach and BlueToad were considered outliers in the last two quarters and thus not reported as part of the quarterly data. The BlueToad breach is reviewed as part of this study under the Information Security Incidents section of this report.

[2] Quarterly data reported in prior studies may change when information regarding breaches is identified or amended.
[3] Insurance companies are classified as Corporate entities for the purposes of this study, although protected health information may be breached in incidents involving insurance companies.

[5] A Virus is an intrusive malware that infects computers, servers and networks. A virus often carries out unwanted operations on a host computer. A virus could be used for hacking or it could be unintentionally loaded into a system and cause damage. A Hack occurs when a group or individual attempts to gain unauthorized access to computers or computer networks and tamper with operating systems, application programs, and databases. Unauthorized Access/Use is designated when an employee, contractor or volunteer of an organization wrongfully accesses or uses records. Improper Disposal occurs when either physical records or electronic media are not properly disposed and could be accessed by other parties. A Theft involves physical records or electronic media that have been stolen or taken from an organization without permission by an employee or other party. Loss is designated when either physical records or electronic media have been lost and cannot be located by the organization. Public Access/Distribution occurs when records or data are made available publicly or to inappropriate parties. This includes data made accessible via a server, website or network and sent to inappropriate recipients via paper or electronic methods.

[6] Cost of Data Breach Study United States, Ponemon Institute LLC, March. The total average cost per compromised record was $194. For purposes of this study, we estimated the total cost of each data breach using this figure calculated by the Ponemon Institute.
ABOUT NAVIGANT

Navigant (NYSE: NCI) is a specialized independent consulting firm providing dispute, financial, investigative, regulatory and operations advisory services to government agencies, legal counsel and large companies facing the challenges of uncertainty, risk, distress and significant change. The Company focuses on industries undergoing substantial regulatory or structural change and on the issues driving these transformations.

CONTACT

For questions related to the data presented herein:

Lead Data Breach Forensic Investigators
Steven Visser svisser@navigant.com
Daren Hutchison dhutchison@navigant.com
Brad Pinne bpinne@navigant.com

Strategic Initiative Contacts
Scott Paczosa scott.paczosa@navigant.com
Jonathan Drage jonathan.drage@navigant.com
Darin Bielby dbielby@navigant.com

Research Lead
Bill Schoeffler bschoeffler@navigant.com

Bill Hardin bill.hardin@navigant.com
Andrew Obuchowski andy.obuchowski@navigant.com

The authors would like to thank Vanessa Nelson Meihaus for her invaluable assistance. Vanessa is a Research Coordinator specializing in practice specific and general business development research in the firm's Chicago office.

© 2012 Navigant Consulting, Inc. All rights reserved. Navigant Consulting is not a certified public accounting firm and does not provide audit, attest, or public accounting services. See for a complete listing of private investigator licenses.
More informationPRIVACY AND INFORMATION SECURITY INCIDENT REPORTING
PRIVACY AND INFORMATION SECURITY INCIDENT REPORTING PURPOSE The purpose of this policy is to describe the procedures by which Workforce members of UCLA Health System and David Geffen School of Medicine
More informationPROFESSIONAL RISK PRIVACY CLAIMS SCENARIOS
PROFESSIONAL RISK PRIVACY CLAIMS SCENARIOS The following claim scenarios are hypothetical and are offered solely to illustrate the types of situations that may result in claims. Although sorted by industry,
More informationMobile Medical Devices and BYOD: Latest Legal Threat for Providers
Presenting a live 90-minute webinar with interactive Q&A Mobile Medical Devices and BYOD: Latest Legal Threat for Providers Developing a Comprehensive Usage Strategy to Safeguard Health Information and
More informationHow To Protect Your Data From Theft
Understanding the Effectiveness of a Data Protection Program IIA: Almost Free Seminar 21 June 2011 Agenda Data protection overview Case studies Ernst & Young s point of view Understanding the effectiveness
More informationReporting of HIPAA Privacy/Security Breaches. The Breach Notification Rule
Reporting of HIPAA Privacy/Security Breaches The Breach Notification Rule Objectives What is the HITECH Act? An overview-what is Protected Health Information (PHI) and can I protect patient s PHI? What
More informationReal World Healthcare Security Exposures. Brian Selfridge, Partner, Meditology Services
Real World Healthcare Security Exposures Brian Selfridge, Partner, Meditology Services 2 Agenda Introduction Background and Industry Context Anatomy of a Pen Test Top 10 Healthcare Security Exposures Lessons
More informationHealth Care Data Breach Discovery Strategies for Immediate Response
Health Care Data Breach Discovery Strategies for Immediate Response March 27, 2014 Pillsbury Winthrop Shaw Pittman LLP Faculty Gerry Hinkley Partner Pillsbury Winthrop Shaw Pittman LLP Sarah Flanagan Partner
More informationPrivacy Rights Clearing House
10/13/15 Cybersecurity in Education What you face as educational organizations How to Identify, Monitor and Protect Presented by Jamie Gershon Sr. Vice President Education Practice Group 1 Privacy Rights
More informationLessons Learned from Recent HIPAA and Big Data Breaches. Briar Andresen Katie Ilten Ann Ladd
Lessons Learned from Recent HIPAA and Big Data Breaches Briar Andresen Katie Ilten Ann Ladd Recent health care breaches Breach reports to OCR as of February 2015 1,144 breaches involving 500 or more individual
More informationMastering Data Privacy, Protection, & Forensics Law
Mastering Data Privacy, Protection, & Forensics Law April 15, 2015 Data Breach Notification and Cybersecurity Developments in 2015 Melissa J. Krasnow, Dorsey & Whitney LLP, and Certified Information Privacy
More informationViolation Become a Privacy Breach? Agenda
How Does a HIPAA Violation Become a Privacy Breach? Karen Voiles, MBA, CHC, CHPC, CHRC Senior Managing Consultant, Compliance Agenda Differentiating between HIPAA violation and reportable breach Best practices
More informationPREP Course #25: Hot Topics in Cyber Security and Database Security. Presented by: Joe Baskin Manager, Information Security, OCIO JBaskin@nshs.
PREP Course #25: Hot Topics in Cyber Security and Database Security Presented by: Joe Baskin Manager, Information Security, OCIO JBaskin@nshs.edu Objectives Discuss hot topics in cyber security and database
More informationUpdates within Network Security and Privacy Risk Management
Updates within Network Security and Privacy Risk Management RIMS Minneapolis Meeting Melissa Krasnow, Partner, Dorsey & Whitney LLP (Minneapolis, MN) Mario Paez, Midwest Practice Leader for Tech., Privacy,
More informationData Breach 101 How to Avoid a Virtual Catastrophe
Data Breach 101 How to Avoid a Virtual Catastrophe Presented by Eduard Goodman, J.D., LL.M., CIPP Chief Privacy Officer In partnership with IDentity Theft 911 is solely responsible for the content of this
More informationCSR Breach Reporting Service Frequently Asked Questions
CSR Breach Reporting Service Frequently Asked Questions Quick and Complete Reporting is Critical after Data Loss Why do businesses need this service? If organizations don t have this service, what could
More information12/4/2013. Regulatory Updates. Eric M. Wright, CPA, CITP. Schneider Downs & Co., Inc. December 5, 2013
Regulatory Updates Eric M. Wright, CPA, CITP Schneider Downs & Co., Inc. December 5, 2013 Eric M. Wright, CPA, CITP Eric has been involved with Information Technology with Schneider Downs since 1983. He
More informationThe Data Breach: How to stay defensible before, during and after the incident. Alex Ricardo, CIPP/US Breach Response Services
The Data Breach: How to stay defensible before, during and after the incident. Alex Ricardo, CIPP/US Breach Response Services What we are NOT doing today Providing Legal Advice o Informational Purposes
More informationCyber Liability & Data Breach Insurance Claims
Cyber Liability & Data Breach Insurance Claims A Study of Actual Payouts for Covered Data Breaches Mark Greisiger President NetDiligence June 2011 Last year, privacy breaches ran about 1-2 per week. This
More informationManaging Your Cyber & Data Risk 2010 NTA Convention Montreal, Quebec
Managing Your Cyber & Data Risk 2010 NTA Convention Montreal, Quebec Jeremy Ong Divisional Vice-President Great American Insurance Company November 13, 2010 1 Agenda Overview of data breach statistics
More informationCybersecurity: Protecting Your Business. March 11, 2015
Cybersecurity: Protecting Your Business March 11, 2015 Grant Thornton. All LLP. rights All reserved. rights reserved. Agenda Introductions Presenters Cybersecurity Cybersecurity Trends Cybersecurity Attacks
More informationCybersecurity Workshop
Cybersecurity Workshop February 10, 2015 E. Andrew Keeney, Esq. Kaufman & Canoles, P.C. E. Andrew Keeney, Esq. Kaufman & Canoles, P.C. 150 West Main Street, Suite 2100 Norfolk, VA 23510 (757) 624-3153
More informationProofpoint HIPAA Breach Report:
Proofpoint HIPAA Breach Report: An Analysis of HITECH Breach Notifications and Settlements, Q1 2013 Healthcare Industry Update threat protection compliance archiving & governance secure communication Contents
More information8/3/2015. Integrating Behavioral Health and HIV Into Electronic Health Records Communities of Practice
Integrating Behavioral Health and HIV Into Electronic Health Records Communities of Practice Monday, August 3, 2015 1 How to ask a question during the webinar If you dialed in to this webinar on your phone
More informationDEALERSHIP IDENTITY THEFT RED FLAGS AND NOTICES OF ADDRESS DISCREPANCY POLICY
DEALERSHIP IDENTITY THEFT RED FLAGS AND NOTICES OF ADDRESS DISCREPANCY POLICY This Plan we adopted by member, partner, etc.) on Our Program Coordinator (date). (Board of Directors, owner, We have appointed
More informationKEY STEPS FOLLOWING A DATA BREACH
KEY STEPS FOLLOWING A DATA BREACH Introduction This document provides key recommended steps to be taken following the discovery of a data breach. The document does not constitute an exhaustive guideline,
More informationMastering Data Privacy, Social Media, & Cyber Law
Mastering Data Privacy, Social Media, & Cyber Law October 22, 2014 Data Breach Notification and Cybersecurity Developments in 2014 Melissa J. Krasnow, Dorsey & Whitney LLP, and Certified Information Privacy
More informationHot Topics in IT Security PREP#28 May 1, 2014. David Woska, Ph.D. OCIO Security
Hot Topics in IT Security PREP#28 May 1, 2014 David Woska, Ph.D. OCIO Security CME Disclosure Statement The North Shore LIJ Health System adheres to the ACCME s new Standards for Commercial Support. Any
More informationDiscussion on Network Security & Privacy Liability Exposures and Insurance
Discussion on Network Security & Privacy Liability Exposures and Insurance Presented By: Kevin Violette Errors & Omissions Senior Broker, R.T. Specialty, LLC February, 25 2014 HFMA Washington-Alaska Chapter
More informationCyber and Privacy Risk What Are the Trends? Is Insurance the Answer?
Minnesota Society for Healthcare Risk Management September 22, 2011 Cyber and Privacy Risk What Are the Trends? Is Insurance the Answer? Melissa Krasnow, Partner, Dorsey & Whitney, and Certified Information
More informationCybersecurity Best Practices in Mortgage Banking. Article by Jim Deitch October 2015
Cybersecurity Best Practices in Mortgage Banking Article by Jim Deitch Cybersecurity Best Practices in Mortgage Banking BY JIM DEITCH Jim Deitch Recent high-profile cyberattacks have clearly demonstrated
More informationCyber Security Best Practices
Cyber Security Best Practices 1. Set strong passwords; Do not share them with anyone: They should contain at least three of the five following character classes: o Lower case letters o Upper case letters
More informationCyber Risk in Healthcare AOHC, 3 June 2015
Cyber Risk in Healthcare AOHC, 3 June 2015 Kopiha Nathan, Senior Healthcare Risk Management and Data Specialist James Penafiel, Underwriting Supervisor, Insurance Operations CFPC Conflict of Interest -
More informationPRIVACY BREACH POLICY
Approved By Last Reviewed Responsible Role Responsible Department Executive Management Team March 20, 2014 (next review to be done within two years) Chief Privacy Officer Quality & Customer Service SECTION
More informationSMB Data Breach Risk Management Best Practices. By Mark Pribish February 19, 2015
SMB Data Breach Risk Management Best Practices By Mark Pribish February 19, 2015 Presentation Agenda About Mark Pribish Information Governance The Threat Landscape Data Breach Trends Legislative and Regulatory
More informationData Security 101. Christopher M. Brubaker. A Lawyer s Guide to Ethical Issues in the Digital Age. cbrubaker@clarkhill.com
Data Security 101 A Lawyer s Guide to Ethical Issues in the Digital Age Christopher M. Brubaker cbrubaker@clarkhill.com November 4-5, 2015 Pennsylvania Bar Institute 21 st Annual Business Lawyers Institute
More informationSINGAPORE HEALTHCARE ENTERPRISE RISK MANAGEMENT CONGRESS 2014 - Data Breach : The Emerging Threat to Healthcare Industry
SINGAPORE HEALTHCARE ENTERPRISE RISK MANAGEMENT CONGRESS 2014 - Data Breach : The Emerging Threat to Healthcare Industry DATA BREACH A FICTIONAL CASE STUDY THE FIRST SIGNS OF TROUBLE Friday, 5.20 pm :
More informationAGENDA HIP Ho AA w i rivacy d The B reach Happen? I P nc AA Secu dent R rit esp y o nse Corrective Action Plan What We Learned ACRONYMS USED
Michael Almvig Skagit County Information Services Director 1 AGENDA 1 2 HIPAA How Did Privacy The Breach Happen? HIPAA Incident Security Response 3 Corrective Action Plan 4 What We Learned Questions? ACRONYMS
More informationUniversity System of Maryland University of Maryland, College Park Division of Information Technology
Audit Report University System of Maryland University of Maryland, College Park Division of Information Technology December 2014 OFFICE OF LEGISLATIVE AUDITS DEPARTMENT OF LEGISLATIVE SERVICES MARYLAND
More informationGALLAGHER CYBER LIABILITY PRACTICE. Tailored Solutions for Cyber Liability and Professional Liability
GALLAGHER CYBER LIABILITY PRACTICE Tailored Solutions for Cyber Liability and Professional Liability Are you exposed to cyber risk? Like nearly every other business, you have probably capitalized on the
More informationData Security Incident Response Plan. [Insert Organization Name]
Data Security Incident Response Plan Dated: [Month] & [Year] [Insert Organization Name] 1 Introduction Purpose This data security incident response plan provides the framework to respond to a security
More informationINDUSTRY OVERVIEW: HEALTHCARE
ii IBM MSS INDUSTRY OVERVIEW: HEALTHCARE RESEARCH AND INTELLIGENCE REPORT RELEASE DATE: OCTOBER 7, 2014 BY: JOHN KUHN, SENIOR THREAT RESEARCHER iii TABLE OF CONTENTS EXECUTIVE OVERVIEW/KEY FINDINGS...
More informationHIPAA Privacy & Security Rules
HIPAA Privacy & Security Rules HITECH Act Applicability If you are part of any of the HIPAA Affected Areas, this training is required under the IU HIPAA Privacy and Security Compliance Plan pursuant to
More informationAuthorized. User Agreement
Authorized User Agreement CareAccord Health Information Exchange (HIE) Table of Contents Authorized User Agreement... 3 CareAccord Health Information Exchange (HIE) Polices and Procedures... 5 SECTION
More informationReducing Cyber Risk in Your Organization
Reducing Cyber Risk in Your Organization White Paper 2016 The First Step to Reducing Cyber Risk Understanding Your Cyber Assets With nearly 80,000 cyber security incidents worldwide in 2014 and more than
More informationHFS DATA SECURITY TRAINING WITH TECHNOLOGY COMES RESPONSIBILITY
HFS DATA SECURITY TRAINING WITH TECHNOLOGY COMES RESPONSIBILITY Illinois Department of Healthcare and Family Services Training Outline: Training Goals What is the HIPAA Security Rule? What is the HFS Identity
More informationAUGUST 28, 2013 INFORMATION TECHNOLOGY INCIDENT RESPONSE PLAN. 1250 Siskiyou Boulevard Ashland OR 97520
AUGUST 28, 2013 INFORMATION TECHNOLOGY INCIDENT RESPONSE PLAN 1250 Siskiyou Boulevard Ashland OR 97520 Revision History Revision Change Date 1.0 Initial Incident Response Plan 8/28/2013 Official copies
More informationT H E R E A L C O S T O F A D ATA B R E A C H
T H E R E A L C O S T O F A D ATA B R E A C H Hosted by AllClear ID www.allclearid.com/business WELCOME // QUICK NOTES Presentation is being recorded and will be available within 2-3 business days at www.allclearid.com/business
More informationWhat s trending on NP Privacy Partner
NP PRIVACY PARTNER Nixon peabody LLP What s trending on NP Privacy Partner January 30, 2015 Beware private drone operators, the FTC issues an Internet of Things report, hackers use stolen passwords to
More informationINFORMATION SECURITY FOR YOUR AGENCY
INFORMATION SECURITY FOR YOUR AGENCY Presenter: Chad Knutson Secure Banking Solutions, LLC CONTACT INFORMATION Dr. Kevin Streff Professor at Dakota State University Director - National Center for the Protection
More information2014: A Year of Mega Breaches
2014: A Year of Mega Breaches Sponsored by Identity Finder Independently conducted by Ponemon Institute LLC Publication Date: January 2015 Ponemon Institute Research Report Part 1. Introduction 2014: A
More information2009 HIMSS Analytics Report: Evaluating HITECH s Impact on Healthcare Privacy and Security
2009 HIMSS Analytics Report: Evaluating HITECH s Impact on Healthcare Privacy and Security Commissioned by ID Experts November 2009 INTRODUCTION Healthcare breaches are on the rise; according to the 2009
More informationCyber Liability. What School Districts Need to Know
Cyber Liability What School Districts Need to Know Data Breaches Growing In Number Between January 1, 2008 and April 4, 2012 314,216,842 reported records containing sensitive personal information have
More informationCybercrime: Protecting Your Digital Assets in Today's Threat Landscape
Cybercrime: Protecting Your Digital Assets in Today's Threat Landscape Presented by Rachel Ratcliff OM03 Saturday, 10/5/2013 9:30 AM - 10:45 AM Cybercrime: Protecting Your Digital Assets in Today s Threat
More informationTape Vaulting Audit And Encryption Usage Analysis
Tape Vaulting Audit And Encryption Usage Analysis Prepared for Public Presentation (includes SB 1386, Gramm Leach Bliley, and Personal Data Protection and Security Act of 2005 Customer Information Protection
More informationCyber Liability. Michael Cavanaugh, RPLU Vice President, Director of Production Apogee Insurance Group 877-337-3200 Ext. 7029
Cyber Liability Michael Cavanaugh, RPLU Vice President, Director of Production Apogee Insurance Group 877-337-3200 Ext. 7029 Today s Agenda What is Cyber Liability? What are the exposures? Reality of a
More informationRecent Developments in PCI DSS. PCI in the Headlines Risks to Higher Education PCI DSS Version 1.2
Recent Developments in PCI DSS PCI in the Headlines Risks to Higher Education PCI DSS Version 1.2 1 2009 Breach Investigation Who did it? 74% external parties 20% insiders 32% implicated business partners
More informationPERSONAL INFORMATION PROTECTION ACT Breach Notification Decision. BrandAlliance Inc. (Organization) P2016-ND-26 (File #002391) February 17, 2016
PERSONAL INFORMATION PROTECTION ACT Breach Notification Decision Organization providing notice under section 34.1 of PIPA Decision number (file number) Date notice received by OIPC Date Organization last
More informationHOW TO REALLY IMPLEMENT HIPAA. Presented by: Melissa Skaggs Provider Resources Group
HOW TO REALLY IMPLEMENT HIPAA Presented by: Melissa Skaggs Provider Resources Group WHAT IS HIPAA The Health Insurance Portability and Accountability Act of 1996 (HIPAA; Pub.L. 104 191, 110 Stat. 1936,
More informationImpact of Data Breaches
Research Note Impact of Data Breaches By: Divya Yadav Copyright 2014, ASA Institute for Risk & Innovation Applicable Sectors: IT, Retail Keywords: Hacking, Cyber security, Data breach, Malware Abstract:
More informationHow to Prepare for a Data Breach
IT Forum How to Prepare for a Data Breach Expediting Response and Minimizing Losses Presentation for SURA IT Committee November 5,,2014 Laura Whitaker, Senior Research Director eab.com Getting to Know
More informationCyber Liability. AlaHA Annual Meeting 2013
Cyber Liability AlaHA Annual Meeting 2013 Disclaimer We are not providing legal advise. This Presentation is a broad overview of health care cyber loss exposures, the process in the event of loss and coverages
More informationSTATEMENT OF RANDY S. MISKANIC VICE PRESIDENT, SECURE DIGITAL SOLUTIONS U.S. POSTAL SERVICE BEFORE THE SUBCOMMITTEE ON FEDERAL WORKFORCE, U.
STATEMENT OF RANDY S. MISKANIC VICE PRESIDENT, SECURE DIGITAL SOLUTIONS U.S. POSTAL SERVICE BEFORE THE SUBCOMMITTEE ON FEDERAL WORKFORCE, U.S. POSTAL SERVICE AND THE CENSUS UNITED STATES HOUSE OF REPRESENTATIVES
More informationTable of Contents. Application Vulnerability Trends Report 2013. Introduction. 99% of Tested Applications Have Vulnerabilities
Application Vulnerability Trends Report : 2013 Table of Contents 3 4 5 6 7 8 8 9 10 10 Introduction 99% of Tested Applications Have Vulnerabilities Cross Site Scripting Tops a Long List of Vulnerabilities
More informationCyber Risks Connect With Directors and Officers
Cyber Risks Connect With Directors and Officers Implications of the New SEC Guidance on Cyber Security February 2012 Lockton Companies, LLC The Securities and Exchange Commission (SEC) has changed the
More informationPrivacy Law Basics and Best Practices
Privacy Law Basics and Best Practices Information Privacy in a Digital World Stephanie Skaff sskaff@fbm.com What Is Information Privacy? Your name? Your phone number or home address? Your email address?
More informationI ve been breached! Now what?
I ve been breached! Now what? THE AFTERMATH OF A BREACH & STEPS TO REDUCE RISK The number of data breaches in the United States in 2014 hit a record high. And 2015 is not looking any better. There have
More informationPREP Course # 20: HIPAA Security Presented by: Joe Baskin, Manager, Information Security
PREP Course # 20: HIPAA Security Presented by: Joe Baskin, Manager, Information Security 1 CME Disclosure Statement The Northwell Health adheres to the ACCME s new Standards for Commercial Support. Any
More informationComputer Security at Columbia College. Barak Zahavy April 2010
Computer Security at Columbia College Barak Zahavy April 2010 Outline 2 Computer Security: What and Why Identity Theft Costs Prevention Further considerations Approach Broad range of awareness Cover a
More informationZip It! Feds, State Strengthen Privacy Protection. Practice Management Feature July 2012. Tex Med. 2012;108(7):33-37.
Zip It! Feds, State Strengthen Privacy Protection Practice Management Feature July 2012 Tex Med. 2012;108(7):33-37. By Crystal Conde Associate Editor When it comes to enforcing HIPAA data security and
More informationHCCA Compliance Institute 2013 Privacy & Security
HCCA Compliance Institute 2013 Privacy & Security 704 Conducting a Privacy Risk Assessment A Practical Guide to the Performance, Evaluation and Response April 23, 2013 Presented By Eric Dieterich Session
More informationHIPPA Goes HITECH. Data Protection for Agents
HIPPA Goes HITECH Data Protection for Agents For agent information only. this material should not be distributed to the public or used in any solicitation. 13-0127 Course objectives Agents will be able
More informationDATA BREACH INCIDENT RESPONSE WORKBOOK. For Questions or Immediate Help With a Data Breach, Call 1.877.441.3009
DATA BREACH INCIDENT RESPONSE WORKBOOK For Questions or Immediate Help With a Data Breach, Call 1.877.441.3009 Notice to Readers This workbook is not intended as legal advice and AllClear ID encourages
More informationData Breach Response Planning: Laying the Right Foundation
Data Breach Response Planning: Laying the Right Foundation September 16, 2015 Presented by Paige M. Boshell and Amy S. Leopard babc.com ALABAMA I DISTRICT OF COLUMBIA I FLORIDA I MISSISSIPPI I NORTH CAROLINA
More information