A new list of top 5 healthcare data breaches?

HCA Healthcare just last week disclosed a massive data breach that affects the information of around 11 million patients, via a breached external storage location.  Comprising 182 hospitals and 2,200 care centers across the US and UK, HCA Healthcare is a prominent firm in the industry.  In fact it ranks #62 on Fortune 500’s largest… Read More

MOVEit breach hits education sector

The biggest infosec story in the news right now has caught multiple sectors in its net: the hack of the MOVEit file transfer tools.  From government to utilities to finance, students and teachers to public employees and retirees, it feels like no one has been exempted.  Over 16 million people in more than 150 institutions… Read More

No noble thieves in data security

Reddit’s planned API (application programming interface) changes have been met with a flurry of outrage online, seemingly none more so than the hackers who decided to take matters into their own hands.  Earlier this year, the BlackCat ransomware group hacked into Reddit servers and stole 80GB of sensitive data, accessing internal documents, codes, dashboards and… Read More

Keep your data under lock and key

When you share your personal information with a doctor’s office, are you concerned about the security of your data against bad actors or even accidental exposure?  You should be mindful.  Patients’ personal health information (PHI) and electronic health records (EHR) are a valuable reward for cyber criminals, and their targets are diverse.  Dentistry practices are… Read More

Data Breaches and Compliance

Data security and breach regulations are constantly evolving.  Last month, the Federal Trade Commission (FTC) announced a notice of proposed rulemaking to “strengthen and modernize” the existing Health Breach Notification Rule (HBNR) from 2009 (HBNR is part of the HITECH Act, enacted to promote the adoption and meaningful use of health information technology).  In addition… Read More

Juggling data security responsibilities

Major firms across industries have recently disclosed substantial breaches of personal data.  One of the largest pharmacy service providers in the US, PharMerica, has revealed that hackers were able to access the data of around 6 million patients.  PharMerica initially discovered suspicious activity on their network in March.  Names, dates of birth, Social Security numbers,… Read More

Uber’s Encryption Failures

Uber’s 2016 data breach and its consequences have been an ongoing story.  The latest, and perhaps even last, major development concerns the verdict in the case of Uber’s former head of security, Joseph Sullivan, who was accused of covering up said breach.  Failure in security/encryption practices led to the company exposing over 50 million people’s… Read More

Data disposal – trash to treasure?

Sensitive data is so casually stored, even discarded, secondhand devices can still lead to exposure.  In 2017, the National Association of Information Destruction (NAID) purchased a number of used electronics online for research purposes, and found plenty of personally identifiable information (PII) stored within.  More recently, security company ESET bought 16 used routers, only to… Read More

Data breaches targeting all industries

Storing sensitive data is a critical component of countless organizational strategies.  Companies whose primary task is to store such data ought to concern itself especially with protecting it from bad actors.  This will be a lesson drilled in with data storage giant Western Digital, which recently announced a security incident in which data was exfiltrated… Read More

Patient data compromised outside of healthcare

When it comes to the protected health information (PHI) of patients, healthcare organizations aren’t the only ones on the hook.  A New York law firm, Heidell, Pittoni, Murphy and Bach (HPMB), has just been hit with a $200,000 fine for failing to protect the electronic health records (EHR) of around 114,000 patients.  Representing New York… Read More