There’s a follow-up to an HHS OCR investigation that I had noted back in October, 2015. And since we don’t see many OCR investigations reported like this one, it’s worth noting. Politicians who are also HIPAA-covered entities, in particular, may wish to take note. Graham Moomaw reports: State Sen. Siobhan S. Dunnavant, a Henrico County…
Month: January 2017
Eastern Health Investigating Unusual Privacy Breach
It was ultimately a case of calling the wrong phone number, but due to a combination of factors, the error wasn’t realized until after some patient information had been revealed. VOCM reports: Eastern Health is investigating after VOCM Backtalk host Pete Soucy found himself in a recent comedy of errors that resulted in a privacy…
TwoPlusTwo Poker Forum Hacked; Personal Data Stolen and Offered for Sale
FlushDraw reports: The world’s largest online poker discussion forum, TwoPlusTwo, has again seen its virtual defenses breached. The site’s operators have confirmed that the forum was hacked at some point late in 2016, with the personal data then being offered for sale elsewhere on the Internet. The hacking and theft of the personal information was discovered…
UK: £150,000 fine for insurance company that failed to keep customers’ information safe
From the Information Commissioner’s Office: The ICO has fined Royal & Sun Alliance Insurance PLC (RSA) £150,000 following the loss of the personal information of nearly 60,000 customers. An ICO investigation looked at the theft of a hard drive device containing 59,592 customers’ names, addresses and bank account details including account numbers and sort codes. The device…
The MongoDB attacks: 93 terabytes of data wiped out
The other night on Twitter, after I and others communicated concern as the number of attacks on misconfigured MongoDB installations rose to 27,000 in a relatively short period, @Cyber_War_News and I had a respectful disagreement about the seriousness of the situation: still shocked that yall shocked and fussing about the mongodb ransom spike. — CWN (@Cyber_War_News) January…
Minneapolis settles more lawsuits over snooping in driver database
Whether it’s the healthcare sector, government, or any other sector, if you’re not using adequate tools to monitor and audit your employees’ access to personal information records, it will cost you sooner or later. Eric Roper reports: The long list of lawsuits against Minnesota governments for employees improperly snooping into the state driver’s license database…