David M. Stauss and Gregory Szewczyk of Ballard Spahr write: A bipartisan group of Colorado legislators proposed legislation that, if enacted, would significantly change the requirements for how Colorado entities protect, transfer, secure, and dispose of documents containing “personal identifying information” (PII). The proposed legislation also would expand the types of information covered by the…
Category: Breach Incidents
Pedes Orange County notifying patients after doctor found accessing EMR without authorization
Pedes Orange County, Inc. in California shares their medical facility with another medical group that conducts surgical procedures. To coordinate, it seems that they share a scheduling tool with other medical professionals in their building. Somehow – and it’s not yet clear to me how this happened in terms of access controls – a physician…
Corovan Corporation & Employer Leasing notifying 1,500 California residents of data breach
It was one of those deja vu experiences I’m increasingly likely to have these days. I read a breach notification template that involved health insurance information, made a note of it in my compilation worksheet for Protenus, and was going about my other work when I read another notification template that was identical – except…
FTC: Privacy & Data Security Update: 2017
The Federal Trade Commission (FTC) has released its Privacy & Data Security Update: 2017. The report is organized by major privacy enforcement actions in 2017, data security enforcement in 2017, and other topics of significant concern such as fair credit reporting, children’s online privacy and do not call. Apart from the Lenovo, Uber, and D-Link…
Cybersecurity firm, cybersecure thyself?
Cue Peter, Paul, and Mary singing, “When will they ever learn? Oh, when will they ever learn? Oh, when will they ever learn?” The best place to store your private keys of your production environment is probably NOT a public Amazon AWS S3 bucket. This is a top 500 “Cybersecurity” company btw. 🙂 pic.twitter.com/8Vu7mGpwox —…
Hundreds left vulnerable to hackers after Johnson and Johnson data blunder
Aaron Rogan reports: The home addresses of hundreds of Irish people have been published online in a data breach by a pharmaceutical company. A cybersecurity expert said the error may leave people vulnerable to hackers as the company also shared email addresses that may be linked to other online accounts. As part of a promotion…