Matt Fisher writes: The Office for Civil Rights is promoting HIPAA as being able to prevent or substantially mitigate the impacts of a cyber attack. It is a bold statement from OCR and one that bears unpacking. Why is OCR asserting that HIPAA can prevent or substantially mitigate a cyber attack? The primary answer is…
Category: Commentaries and Analyses
While questions about RaidForums remain unanswered, BreachForums opens
On February 25, popular hacking-related forum RaidForums.com (RF) appeared to have been seized. It was not the first time it had appeared to have problems, but in the past, the owner, “Omnipotent” had reappeared briefly to restore the site somewhat. Now it did not appear to be working at all and had been replaced by…
OCR Cybersecurity Newsletter: Defending Against Common Cyber-Attacks
From OCR’s newsletter today: Throughout 2020 and 2021, hackers have targeted the health care industry seeking unauthorized access to valuable electronic protected health information (ePHI). The number of breaches of unsecured ePHI reported to the U.S Department of Health and Human Service’s Office for Civil Rights (OCR) affecting 500 or more individuals due to hacking…
Arkansas AG Sues Defunct Health Provider for Mishandling Patient Records
Scott Carroll reports: Arkansas Attorney General Leslie Rutledge on Thursday announced a lawsuit against the defunct Eastern Ozarks Regional Health for failing to protect sensitive patient information after it closed. The former hospital in Cherokee Village is accused of leaving behind thousands of unsecured patient and employee records that contain social security numbers, driver’s license…
Hidden privacy lessons in the FTC’s CafePress security enforcement
Cobun Zweifel-Keegan writes: In its most recent cybersecurity enforcement decision, the U.S. Federal Trade Commission announced a draft settlement agreement with the current and former operators of the customized merchandise website CafePress.com. Although the unanimous consent order focuses primarily on the company’s lax security practices, which allegedly led to multiple data breaches, there are also a few…
Facebook fined $18.6M over string of 2018 breaches of EU’s GDPR
Natasha Lomas reports: Facebook’s parent company, Meta, has been fined €17 million (~$18.6 million) by the Irish Data Protection Commission (DPC) over a string of historical data breaches. The security lapses in question, which appear to have affected up to 30 million Facebook users, date back several years — and had been disclosed by Facebook…