Data Breaches and Compliance
Data security and breach regulations are constantly evolving. Last month, the Federal Trade Commission (FTC) announced a notice of proposed rulemaking to “strengthen and modernize” the existing Health Breach Notification Rule (HBNR) from 2009 (HBNR is part of the HITECH Act, enacted to promote the adoption and meaningful use of health information technology). In addition… Read More
Juggling data security responsibilities
Major firms across industries have recently disclosed substantial breaches of personal data. One of the largest pharmacy service providers in the US, PharMerica, has revealed that hackers were able to access the data of around 6 million patients. PharMerica initially discovered suspicious activity on their network in March. Names, dates of birth, Social Security numbers,… Read More
Uber’s Encryption Failures
Uber’s 2016 data breach and its consequences have been an ongoing story. The latest, and perhaps even last, major development concerns the verdict in the case of Uber’s former head of security, Joseph Sullivan, who was accused of covering up said breach. Failure in security/encryption practices led to the company exposing over 50 million people’s… Read More
Data disposal – trash to treasure?
Sensitive data is so casually stored, even discarded, secondhand devices can still lead to exposure. In 2017, the National Association of Information Destruction (NAID) purchased a number of used electronics online for research purposes, and found plenty of personally identifiable information (PII) stored within. More recently, security company ESET bought 16 used routers, only to… Read More
Data breaches targeting all industries
Storing sensitive data is a critical component of countless organizational strategies. Companies whose primary task is to store such data ought to concern itself especially with protecting it from bad actors. This will be a lesson drilled in with data storage giant Western Digital, which recently announced a security incident in which data was exfiltrated… Read More
Patient data compromised outside of healthcare
When it comes to the protected health information (PHI) of patients, healthcare organizations aren’t the only ones on the hook. A New York law firm, Heidell, Pittoni, Murphy and Bach (HPMB), has just been hit with a $200,000 fine for failing to protect the electronic health records (EHR) of around 114,000 patients. Representing New York… Read More
Social engineering through sports sites
Just a couple of months ago I was contemplating creating an account for NBA.com to vote for their All-Star Game. Concerns over security of my data was one reason I abstained, and perhaps it was for good reason. The league recently sent out a data breach notification to fans that, although its own systems… Read More
Data Breaches – A Healthcare Crisis
Healthcare for IT involves protecting many types of data for various kinds of patients. A recent breach of the platform Cerebral, an online therapy and medication management system, has exposed the data of 3.1 million patients seeking care for their mental health. The verdict was that Cerebral had “disclosed certain information that may be regulated… Read More
Hackers Seek Riches: Protect Your Data
Data security is often a matter of national security. A cyber intrusion against the US Marshals Service demonstrates nothing less. Describing it as a major incident, the agency announced ransomware had targeted a system that subsequently had to be disconnected. “The affected system contains law enforcement sensitive information, including returns from legal process, administrative information,… Read More
Healthcare hackers and complex regulations
Despite the slight trend down over the past couple of years, the number of breaches targeting the healthcare industry is still higher than it was pre-pandemic. Hackers are carrying out more sophisticated, flexible breaches that also impact more individuals in total (an increase of 35% to reach 28 million in the second half of 2022). … Read More