Some people are already receiving phishing emails, it seems. Anthem has issued the following press release in response: INDIANAPOLIS–(BUSINESS WIRE)–Feb. 6, 2015– Individuals who may have been impacted by the cyber attack against Anthem, should be aware of scam email campaigns targeting current and former Anthem members. These scams, designed to capture personal information (known…
Month: February 2015
FTC Approves Final Orders In PaymentsMD Privacy Case
After a public comment period, the Federal Trade Commission has approved final orders resolving complaints that PaymentsMD, LLC and its former CEO, Michael C. Hughes, violated consumers’ privacy by collecting personal medical information without their consent. The settlements were first announced in December, 2014. In its complaints, the FTC alleged that Payments MD and Hughes altered the signup…
How do I alert thee? Let me count the ways that don't work – UK edition (updated)
On February 2nd, I blogged: … I spent some time yesterday trying to locate a contact email for the NHS to alert them that a hacker had dumped a list of vulnerabilities in NHS sites that hackers could exploit. Failing to find any central contact for reporting infosecurity concerns or breaches, I tweeted an inquiry as…
Dear EDUCAUSE Security Maillist – some advice from Abdilo
When someone who’s either hacked your databases or is likely to hack them in the future tells you how to prevent his type of attacks, you might want to pay some attention. Seen on Pastebin, as posted by Abdilo: Dear EDUCAUSE Security Mail-list, ( Good luck profiling me <3 ) How to stop me from…
DEA pharmacy subpoena not overbroad and HIPAA exempt
John Wesley Hall reports on two court rulings out of Texas concerning the same case: United States v. Zadeh. From the court’s opinion in one of the cases: In this case, it is clear that the information sought by the DEA is relevant to its investigation, but the question is whether the use of an administrative subpoena…
Why even strong crypto wouldn’t protect SSNs exposed in Anthem breach
Steve Bellovin explains: Another day, another data breach, and another round of calls for companies to encrypt their databases. Cryptography is a powerful tool, but in cases like this, it’s not going to help. If your OS is secure, you don’t need the crypto; if it’s not, the crypto won’t protect your data. In a case…