An update to a breach previously noted on this blog. Anna Burlson reports: Three North Dakota University System employees who dealt in IT security have been put on administrative leave following a massive security breach last winter. The personal information of more than 290,000 current and past NDUS students was vulnerable for four months before…
Month: August 2014
FTC Approves Final Order in Case Against GMR Transcription Services
A follow-up on a breach case previously reported on this site. From the FTC: Following a public comment period, the Federal Trade Commission has approved a final order resolving FTC allegations that GMR Transcription Services, Inc., engaged in deceptive and unfair information security practices that exposed the personal information of thousands of consumers online, in…
Video: Do I have to give permission for my medical information to be in a Health Information Exchange?
From the incomparable World Privacy Forum: Do I have to give permission for my medical information to be in a Health Information Exchange? HIE stands for “Health Information Exchange.” A health care provider does not need your permission to share your medical information for treatment purposes within an HIE, just as a doctor does not need permission to…
Many HHS investigations still open years later?
If you’re hoping that HHS will do anything about the recent Community Health Systems breach affecting 4.5 million patients across the country, don’t hold your breath. Not only is the incident not even up yet on HHS’s public breach tool, where it will become the second largest breach since such public reporting went into effect…
Update: UPS Store breach involved 105,000 transactions
Mathew J. Schwartz has more on the recently disclosed malware breach that impacted 51 UPS Store franchise centers. Read his report on InfoRisk Today
Heartbleed Not Only Reason For Health Systems Breach
Community Health Systems’ bad patching practices are nothing compared to its poor encryption, network monitoring, fraud detection, and data segmentation, experts say. Read more on Dark Reading. If HHS wants to go after CHS, this article certainly lays out the technical security safeguards that may not have been in place.