Zack Whittaker reports: It feels like every other day another tech startup is caught red-faced spilling reams of data across the internet because of a lapse in security. But even for technology giants like Amazon, it’s easy to make mistakes. Security researcher Anurag Sen found a database packed with Amazon Prime viewing habits stored on an internal Amazon server that…
Category: U.S.
Georgia Man Sentenced to Federal Prison for Using Stolen Identities to Obtain Food Stamps and Attempt to Purchase a Luxury Vehicle
A Georgia man was sentenced to federal prison today for using stolen identities to fraudulently obtain Supplemental Nutrition Assistance Program (SNAP) benefits and attempt to purchase a luxury vehicle worth nearly $80,000. Mackenzie Braswell Sherman, 38, was sentenced to 24 months in federal prison and one year of supervised release. According to court documents, in…
After CommonSpirit ransomware attack: Why healthcare M&A is a ‘huge’ cybersecurity risk
Samantha Liss reports: As CommonSpirit Health, formed by the merger of Dignity Health and Catholic Health Initiatives in 2019, continues to deal with the fallout from a ransomware attack three weeks ago, security experts say such tie-ups and acquistions make healthcare systems more vulnerable to security breaches. M&A in healthcare “creates a huge risk” and a…
A Judge Has Finalized the $63M OPM Hack Settlement. Feds Now Have Two Months to Sign Up for Damages.
Eric Katz reports: A federal judge on Wednesday formally finalized a $63 million settlement that will soon allow thousands of current and former federal employees to receive payouts as part of the agreement stemming from a 2015 breach of data maintained by the Office of Personnel Management. District Judge Amy Berman Jackson said all parties…
California Appellate Court In Ruling of First Impression Affirms Denial of Class Certification in Data Breach Involving Confidential Medical Information
Kristin L. Bryan of Squire Patton Boggs writes about a lawsuit stemming from an insider wrongdoing situation first reported in 2018: Last month a California appellate court affirmed (for the first time among any state appellate courts to consider the issue) the lower court’s denial of class certification for claims brought under the Confidentiality of…
HIPAA Security Rule Security Incident Procedures
HHS OCR’s October newsletter begins: Every October, in recognition of National Cybersecurity Awareness Month, the federal government and its partners work to educate stakeholders on cybersecurity awareness and how best to protect the privacy and security of confidential data. Within the health care industry, the HIPAA Security Rule1 applies to covered entities2 and their business associates3 (“regulated entities”)…