Depending on how long you have been following this blog, some of you may not remember the Interpark data breach in South Korea in 2016. I had covered it several times, including when it was fined $3.8 million (the largest fine up until that date) for its failure to protect consumer data from from what…
Category: Commentaries and Analyses
“We take your privacy seriously,” Saturday edition
As part of my research collaboration with Protenus for their Breach Barometer reports, I spend time every week reaching out to entities to ask them for details about incidents if I cannot find any notice on their site or a state attorney general’s site. Most entities respond with the requested information or a copy of…
New Haven Health Department failed to terminate former employee’s access to protected health information
The City of New Haven, Connecticut (New Haven) has agreed to pay $202,400 to the Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services (HHS) and to implement a corrective action plan to settle potential violations of the Health Insurance Portability and Accountability Act (HIPAA) Privacy and Security Rules. The…
ICO fines Marriott International Inc £18.4million for failing to keep customers’ personal data secure
From the U.K.’s Information Commissioner’s Office (ICO): The ICO has fined Marriott International Inc £18.4million for failing to keep millions of customers’ personal data secure. Marriott estimates that 339 million guest records worldwide were affected following a cyber-attack in 2014 on Starwood Hotels and Resorts Worldwide Inc. The attack, from an unknown source, remained undetected until…
Pharma data breaches should stop once data protection law comes into force
Na Vijayshankar reports: Three major cyber attacks in the Indian pharma industry in the last few months have left people wondering whether there is a pattern indicating the reason for this spurt. First was the Breach Candy Hospital one in February 2020 where over 121 million medical records were compromised. Of these, 120 million were…
Federal agencies issue alert: credible information of increased and imminent threat of ransomware attacks on healthcare and public health sector
From a cybersecurity advisory that you need to drop everything and read and then react to proactively. Seriously. The summary alone should make you take note: This joint cybersecurity advisory was coauthored by the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the Department of Health and Human Services (HHS)….