Susan K. Livio reports: Health insurance companies will be required to protect client information by encrypting the data, under legislation Gov. Chris Christie signed into law today. The bill follows a series of incidents involving stolen laptops containing policyholder information protected only by user passwords. Read more on NJ.com.
Month: January 2015
United Airlines suspends some customers’ MileagePlus accounts following third-party breach
United Airlines has suspended some customers’ MileagePlus accounts after an unauthorized individual was able to start accessing accounts using login credentials acquired from an unnamed third party breach. The unauthorized access began on December 9, according to a copy of the notification message to those affected. The user profiles for MileagePlus accounts include MileagePlus number,…
Inland Empire Health Plan notifies Children’s Eyewear Sight customers of data theft (Update1)
Inland Empire Health Plan (IEHP) is notifying plan members of a breach at a local provider’s facility. On October 28, a desktop computer and other items were reportedly stolen from Children’s Eyewear Sight in Rancho Cucamonga, CA. A file on the computer included plan members’ name, date of birth, gender, address and contact phone number,…
Data Breach Plaintiffs Survive Dismissal Against Target
If you haven’t kept up with all the lawsuits against Target over its 2013 data breach, Amelia Gerlicher and Todd M. HinnenTodd M. Hinnen of Perkins Coie provide a useful write-up of where things stand now. You can read it on JDSupra.
Indiana Attorney General settles with former dentist accused of dumping patient files
There’s a follow-up to a breach previously noted in April 2013. From the Indiana Attorney General’s Office: Indianapolis – The state has reached a settlement with former Kokomo-area dentist, Dr. Joseph Beck, for mishandling medical records containing sensitive information of more than 5,600 patients. The Attorney General’s Office sued Beck for failing to protect personal information…
Proposed data breach bill in Washington State: comments
So I’ve just read the proposed legislation for revising Washington State’s data breach notification law (see the WA AG’s press release on the proposal here). A few comments/observations on the bill: 1. The bill eliminates the word “computerized” before “data,” thereby seemingly expanding the data breach notification requirements to paper records or other formats. That…