Ben Sutherly reports: A Mason man seriously injured in a sensational crash on Interstate 675 that drew national attention received a certified letter Tuesday from Miami Valley Hospital notifying him that four hospital employees had inappropriately accessed his medical records. In a letter dated Oct. 20, hospital Privacy Officer Cindy Howley wrote that employees had…
Author: Dissent
Did Dutch Police Break the Law Taking Down a Botnet?
Interesting article by Jeremy Kirk about how Dutch police may have broken the law in an attempt to get control of a botnet and to warn innocent users that their systems were infected: Dutch police took unprecedented action in taking down a botnet on Monday: They uploaded their own program to infected computers around the…
(update) MWeb not hacked
As a follow-up to a blog entry from yesterday, I note that TechCentral (ZA) now reports: Internet Solutions (IS) says the security breach reported for one of its business digital subscriber line (DSL) user-provisioning systems was not a hack. According to the IS log, there is no clear indication that the site was hacked, but…
Computer at heart of criminal case against former CBI deputy director
Howard Pankratz reports: An allegedly stolen computer belonging to the Colorado Bureau of Investigation is at the heart of the criminal case against former CBI deputy director Peter Mang, according to the criminal complaint filed against Mang in Jefferson County. The criminal complaint alleges that Mang stole a CBI computer, its “contents”, power cords, printer,…
Will The ICO Make An Example Of Google? (I hope not)
Almost one month ago, the UK’s ICO announced that fines for data breaches were “imminent.” Maybe “imminent” means something different in UK English than in New Yorkese, where we tend to be impatient, but nothing happened. Now Peter Judge of eWeek suggests that, for a variety of reasons, Google might make a good first target….
Should HHS fine entities who experience repeated avoidable security failures?
I’m working on a breach post for later today but started mulling over the question of whether HHS needs to start fining covered entities who have repeat breaches where the entity did not seem to adequately harden their security after the first breach or to really learn from experience. This is 2010. The excuse “we…