DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

The "smaller" breaches we don't see

Posted on July 12, 2010 by Dissent

I recently asked OCR if they have been receiving notifications of breaches affecting less than 500 individuals. Their answer is that they have been receiving such reports, but they will not be posting such reports on their web site. The reports “will be used to inform any reports to Congress on breaches.” As OCR reminded me:

For breaches that affect fewer than 500 individuals, a covered entity must provide the Secretary with notice annually. All notifications of breaches occurring in a calendar year must be submitted within 60 days of the end of the calendar year in which the breaches occurred.

Once again, then, we are left in the dark. Information is being collected, but we don’t how many such incidents are being reported, what the nature or type of breach was, what type(s) of information were involved.

I sent HHS/OCR a follow-up inquiry asking if they would consider revealing what kinds of information were involved in the breaches they do report on the site. Are any SSN or financial data involved? Should these breaches also be included in chronologies of sites such as ITRC and the Privacy Rights Clearinghouse that tabulate incidents that could lead to ID theft? Without additional information, there’s no way to know unless we can find a media report or notice on the entity’s web site — or unless some kind reader sends us a copy of the notification.

The OCR’s response to my inquiry about revealing types of information was that they have no plans to do so at this time.

While their recent attempt to strengthen protections is admirable, there is so much yet to be required — of data protectors and of our own government. We continue to need more transparency as well as more stringent security and privacy requirements.

Category: Uncategorized

Post navigation

← Ukrainian brought to NYC to face cybercrime charge
NL 10% of hospital personnel fell for phishing test →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Why Dumping Sensitive Data on Network Shares is a Liability
  • A militarily degraded Iran may turn to asymmetrical warfare – raising risk of proxy and cyber attacks
  • Pro-Russian hackers disrupt Dutch government websites ahead of NATO summit
  • Iran-Linked Threat Actors Leak Visitors and Athletes’ Data from Saudi Games
  • UK: Oxford City Council still investigating cyberattack from earlier this month
  • Steelmaker Nucor Says Hackers Stole Data in Recent Attack
  • People’s Republic of China cyber threat activity: Cyber Threat Bulletin
  • Ukrainian Web3 security auditing company Hacken suffered an attack that allowed a hacker to create 900 million HAI tokens
  • McLaren provides written notice to 743,131 patients after ransomware attack in July 2024 (2)
  • A state forensics lab was leaking its files. Getting it locked down involved a number of people.

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Sky Views Personal Data as a Potential Weapon in IPTV Piracy War
  • Florida Used a Nationwide Surveillance Camera Network 250 Times To Aid in Immigration Arrests
  • Federal Court Strikes Down HIPAA Reproductive Health Care Privacy Rule
  • The Markup caught 4 more states sharing personal health data with Big Tech
  • Privacy in the Big Sky State: Montana’s Consumer Privacy Law Gets Amended
  • UK Passes Data Use and Access Regulation Bill
  • Officials defend Liberal bill that would force hospitals, banks, hotels to hand over data

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.