Elizabeth Khalil writes: On September 15th, the Federal Deposit Insurance Corporation (FDIC) issued guidance(Financial Institution Letter FIL-56-2010, “FDIC Guidance on Mitigating Risk Posed by Information Stored on Photocopiers, Fax Machines and Printers”) urging banks under its supervision to ensure that they have written policies for the erasure or destruction of sensitive or confidential customer information stored in photocopiers, fax machines,…
Author: Dissent
I’ll Take 2 MasterCards and a Visa, Please
Brian Krebs writes: When you’re shopping for stolen credit and debit cards online, there are so many choices these days. A glut of stolen data — combined with cutthroat competition and innovation among vendors — is conspiring to keep prices for stolen account numbers exceedingly low. Even so, many readers probably have no idea that…
UK: When password sharing puts patient data at risk
Tony Collins writes: The British Medical Association in Scotland has today called for tougher safeguards to protect the confidentiality of electronic patient records. It comes as members of the Scottish Parliament prepare to debate a report of the Health Committee on Clinical Portal Technology and Telehealth. The BMA says that patient information accessible through clinical portals may be available outside the NHS, possibly to…
A home invasion leads to a breach for a New Hampshire lawyer
Two heads are better than one. Evan Francen noticed a breach report on the New Hampshire Attorney General’s site that I apparently missed back in July. A laptop containing confidential and personal information of clients of attorney George R. LaRocque, Jr. was stolen during a home invasion. Read more about the incident with Evan’s commentary…
Stolen Ault Chiropractic Center computers contained patient info
Ault Chiropractic Center in Indiana has notified HHS that computer theft on September 15th affected the PHI of 2,000 patients. There is no notice on their web site as of the time of this posting so I don’t know precisely what types of information were on the stolen and whether there was any encryption or…
Data Breach Investigation | Constitutionality | Arbitrary, Capricious?
Benjamin Wright is an attorney who teaches e-discovery, data security and cyber investigations law at the SANS Institute. In commenting on the recent matter of Lucile Salter Packard Hospital being fined for not notifying patients within 5 days of confirming that PHI were on a stolen computer, Wright states: Yet I will say that it…