Protenus, Inc. has released its 2017 review of breaches involving health data. It is the second annual review they have published since we began collaborating on data collection and analyses. As a reminder of last year’s major findings: Protenus reported that in 2016, insider incidents constituted approximately 43% of the 450 incidents we had compiled…
Category: Breach Incidents
Colorado Legislature Considers Sweeping Privacy and Cybersecurity Legislation
David M. Stauss and Gregory Szewczyk of Ballard Spahr write: A bipartisan group of Colorado legislators proposed legislation that, if enacted, would significantly change the requirements for how Colorado entities protect, transfer, secure, and dispose of documents containing “personal identifying information” (PII). The proposed legislation also would expand the types of information covered by the…
Pedes Orange County notifying patients after doctor found accessing EMR without authorization
Pedes Orange County, Inc. in California shares their medical facility with another medical group that conducts surgical procedures. To coordinate, it seems that they share a scheduling tool with other medical professionals in their building. Somehow – and it’s not yet clear to me how this happened in terms of access controls – a physician…
Corovan Corporation & Employer Leasing notifying 1,500 California residents of data breach
It was one of those deja vu experiences I’m increasingly likely to have these days. I read a breach notification template that involved health insurance information, made a note of it in my compilation worksheet for Protenus, and was going about my other work when I read another notification template that was identical – except…
FTC: Privacy & Data Security Update: 2017
The Federal Trade Commission (FTC) has released its Privacy & Data Security Update: 2017. The report is organized by major privacy enforcement actions in 2017, data security enforcement in 2017, and other topics of significant concern such as fair credit reporting, children’s online privacy and do not call. Apart from the Lenovo, Uber, and D-Link…
Cybersecurity firm, cybersecure thyself?
Cue Peter, Paul, and Mary singing, “When will they ever learn? Oh, when will they ever learn? Oh, when will they ever learn?” The best place to store your private keys of your production environment is probably NOT a public Amazon AWS S3 bucket. This is a top 500 “Cybersecurity” company btw. 🙂 pic.twitter.com/8Vu7mGpwox —…