And yet another breach disclosed at the beginning of a holiday weekend – this one posted by the State of Alaska: September 1, 2017 ANCHORAGE – The Alaska Department of Health and Social Services had a security breach that may have disclosed personal information of individuals who have interacted with the Office of Children’s Services….
Category: U.S.
FTC Settles GLBA Enforcement Action Against TaxSlayer Stemming From 2015 Data Breach
We haven’t seen many data security enforcement actions under the Gramm-Leach-Bliley Act (GLBA) Safeguards Rule, but a recent case is a good opportunity to remind entities that they may be covered by it even if they didn’t know it. Edward McAndrew, Kim Phan, and Zaven Sargsian of Ballard Spahr write: The Federal Trade Commission (FTC)…
EXCLUSIVE: Hand Rehabilitation Specialists notifies patients of possible hack by TheDarkOverlord
Back around the Fourth of July holiday, I was busy attempting to confirm some claimed hacks by TheDarkOverlord (TDO). And no, I’m not referring to any entities I’ve previously named on this site, but yet other healthcare entities I’ve never named. In encrypted chats, TDO had provided me with samples of patient data from approximately…
Yahoo must face litigation by data breach victims: U.S. judge
Jonathan Stempel reports: A U.S. judge said Yahoo must face nationwide litigation brought on behalf of well over 1 billion users who said their personal information was compromised in three massive data breaches. Wednesday night’s decision from U.S. District Judge Lucy Koh in San Jose, California, was a setback for efforts by Verizon Communications Inc,…
Yet another breach due to envelope windows?! CVS Caremark exposes patients’ HIV status in mailings
I can almost hear Yogi Berra saying, “It’s deja vu all over again.” Lou Chibbaro Jr. reports: CVS Caremark, a division of the CVS pharmacy and healthcare company, abruptly discontinued a mailing last week to patients in Ohio receiving HIV-related medication from the company after it learned that a reference to “HIV” appeared above the…
SC: Dorchester School District 2 says $2,900 ransom paid to recover data after server breach, but no identities stolen
Drew Tripp reports: Dorchester School District 2 officials say no student or staff member’s identity information was stolen or compromised in a ransomware attack on the district’s computer network servers over the summer, but that some files were corrupted and lost, and the district was forced to pay a ransom to regain access to other…