Hunton & Williams write: As reported in BNA Privacy Law Watch, on March 21, 2018, South Dakota enacted the state’s first data breach notification law. The law will take effect on July 1, 2018, and includes several key provisions: Definitions of Personal Information and Protected Information. The law defines personal information as a person’s first name or…
Category: U.S.
Is OCR Moving the Goal Posts on Vendor Management?
Yesterday, I posted an item about a settlement between New Jersey and Virtua Medical Group after a 2016 data leak by their transcription vendor exposed approximately 1,600 patients’ information on the internet. New Jersey took the position that this was a HIPAA violation and that the entity was responsible for what its vendor had done…
Virtua Medical Group Agrees to Pay Nearly $418,000, Tighten Data Security to Settle Allegations of Privacy Lapses Concerning Medical Treatment Files of Patients
There’s a follow-up to a breach previously reported on this site in 2016 in which a transcription vendor’s error resulted in the exposure of some Virtua Medical Group’s patients’ protected health information on the internet. It appears that New Jersey has settled charges against VMG over the incident. Of note, the charges are that the VMG…
What to Know About the Latest Data Breach Hitting Sears and Delta Customers
David Meyer reports: Both Sears and Delta Air Lines are facing the exposure of some of their customers’ credit card information, following a data breach at a mutual contractor. The company, a customer services operation called [24]7.ai, suffered the breach between Sept. 26 and Oct. 12 last year. It said in a statement that the…
Police: Hackers tried to alter grades at Virginia school
A search warrant says hackers have attempted to change grades at a Virginia high school. The Washington Post cites the warrant filed in Fairfax County that says the attack began in November when emails were sent from a known Oakton High School Honor Council with a link it purported would take readers to news about…
Wisconsin Department of Health Services and The Management Group Announce Breach of Information
The Department of Health Services (DHS) and The Management Group (TMG) are notifying IRIS participants of a breach of information due to theft of a laptop and a work bag of a TMG IRIS Consultant on February 5. TMG mailed notifications to 779 participants on April 3 who received services from TMG who have potentially…