Gus Hurwitz has a great commentary on LabMD v. FTC and an amicus brief filed by privacy law scholars in support of the FTC. I say “great” because I agree with him completely. I hold the privacy law scholars who filed the brief in very high regard, but reading their brief, I felt like it was…
Category: Breach Incidents
The CoPilot Provider Support Services incident: The HIPAA issue
In the first part of a discussion of an incident reported by CoPilot Provider Support Services, this site reported claims by John Witkowski, a former employee, that CoPilot had not reported accurately on the incident. In this part, we focus on just one of CoPilot’s claims – that they are not a business associate under HIPAA….
OCR investigating CoPilot Provider Support Services breach; former employee lodged complaint
When CoPilot Provider Support Services recently disclosed a security incident that they had known about since 2015, their statements might have led you to believe that a disgruntled former employee had hacked them or misused previously authorized access, and that law enforcement might be looking into criminal charges. If you thought that, you were wrong on both counts. CoPilot Provider Support Services (“CoPilot”) describes itself…
2016 W-2 data up for sale on the dark web (updated)
As regular readers know by now, DataBreaches.net has been compiling reported instances of W-2 phishing scams. As part of that investigation, I decided to take a quick look today at some dark net marketplaces to see if any data were up for sale. Brian Krebs had reported on this issue in January after finding a…
Are Courts the Next Frontier in Fight Against State Hacking?
Ben Hancock discusses another strategy for responding to state hacking: trying to sue them under the CFAA, although state claims would also be needed: “It is important to consider other, complementary options,” added Hinnen, who previously dealt with national security issues as a senior lawyer at the Justice Department. “One option worth consideration is enabling…
Oklahoma Gov, OMES Confirm Unnamed Agency Hacked, No Ransom Paid
Grant Hermes reports: Calling it a “catch-22”, Oklahoma state officials declined to release which state agency was discovered to have been attacked by hackers, claiming on Wednesday that releasing the name could compromise the agency further. Last week, the state director of Oklahoma CyberCommand told a House of Representative committee an agency had been attacked…