Venkat Balasubramani discusses two recent court decisions that turned data breach plaintiffs away. The first case is the Hannaford case, discussed previously on this blog, but I was surprised to learn that the Providence Health System breach finally was decided: Paul v. Providence Health System-Oregon, (Ore. Ct. App. Oct. 6, 2010): this case involved the…
Month: October 2010
Breach Notice: The Struggle for Medical Records Security Continues
William Pewen, who was involved in drafting the language in ARRA, has an excellent commentary on Health Affairs Blog: On July 28 the Obama Administration surprised many in the health sector by withdrawing a pending Department of Health and Human Services (HHS) final “breach notification” rulegoverning when consumers must be informed of illicit access or use of…
Ca: Investigation finds veteran’s personal information was mishandled
In response to recent news of a breach involving a veteran’s medical information, the Privacy Commissioner of Canada has already completed an investigation and announced findings. From the press release: An investigation has highlighted the serious mishandling of a veteran’s personal information, entrusted to the care of Veterans Affairs Canada, says Privacy Commissioner Jennifer Stoddart. …
Cancer researcher fights UNC demotion over data breach (updated)
Gregory Childress reports that a data breach had significant consequences for a researcher. Because I don’t recall ever seeing such consequences before, I think this is pretty newsworthy: A UNC cancer researcher is fighting a demotion and pay cut she received after a security breach in the medical study she directs. Bonnie Yankaskas, a professor in…
ICO: data crooks should face jail
… Responding to a Ministry of Justice call for evidence on the current data protection legislative framework, the privacy watchdog said that the greatest threat to information security in organisations is individuals. But it said the Data Protection Act “only provides for a fine for those individuals who knowingly or recklessly obtain or disclose personal…
Hacked D.C. online voting system stored login and encryption key on server
Kim Zetter writes: An internet-based voting system that was hacked last week by researchers at the University of Michigan stored its database username, password and encryption key on a server open to attack. Alex Halderman, a computer scientist at the university, has detailed the vulnerabilities and hacking techniques his students used to completely control the system…