Training Proposed After TRICARE Breach

Howard Anderson writes:

The Department of Defense and two other government agencies have issued a proposed rule designed to help ensure that government contractors provide adequate privacy training to their staff members. The proposal comes in the wake of a recent healthcare information breach incident involving a contractor to TRICARE, the military health program.

Read more on GovInfoSecurity.

As an aside, SAIC reportedly did not seem to think they were obligated to provide individual notification under HIPAA/HITECH, saying, instead, that they were complying with Department of Defense guidelines. So the DOD gives individuals more protection and notification rights than HIPAA/HITECH? Interesting. This is where some uniformity would help.

Thanks to PRC_Amber for the link.

Safaricom-Backed M-TIBA Victim of a Possible Data Breach Affecting Millions of Kenyans
Another plastic surgery practice fell prey to a cyberattack that acquired patient photos and info
Two U.K. teenagers appear in court over Transport of London cyber attack
ModMed revealed they were victims of a cyberattack in July. Then some data showed up for sale.
JFL Lost Up to $800,000 Weekly After Cyberattack, CEO Says No Patient or Staff Data Was Compromised
Massachusetts hospitals Heywood, Athol say outage was a cybersecurity incident

Related: