From EPIC.org: The D.C. Circuit has ruled that it lacks jurisdiction to hear the appeal of CareFirst customers whose data was stolen in a 2014 data breach. The lower court in Attias v. CareFirst dismissed most of the plaintiffs and claims in the case for failure to allege damages and certified the dismissed claims for appeal. The D.C. Circuit…
Category: Commentaries and Analyses
Revealed: 1,400 data breaches at HSE included patient photos and medical files
Ken Foxe reports: The HSE has suffered almost 1,400 separate data breaches over the past two years involving photographing of patients, infection status being disclosed to other family members, and the discovery of confidential medical files in public places. The number of breaches showed a sharp rise between 2018, when 556 incidents were recorded, and…
Ad Industry Opposes FTC’s Proposed Security Regulations For Financial Institutions
Wendy Davis reports: The Federal Trade Commission’s proposed changes to security regulations for financial institutions could also affect a broad swath of non-financial companies — including ad agencies, social networks, lead generators and ad-tech companies — according to the Association of National Advertisers. The organization is urging the FTC to refrain from imposing a slate…
National cyber agency scans the web, detects scores of exposed Israeli databases
Omer Kabir reports: A scanning and detecting system developed by the Israel National Cyber Directorate (INCD) has discovered 145 at risk databases 16 of them containing extremely sensitive private and business information, according to details provided to Calcalist by the government agency. Following the detection, the INCD reached out to the organizations that own and…
Germany Prepares New Law for Patient Data Protection and Increased Digitalisation in Healthcare and for “Data Donations” for Research Purposes
Dr. Adem Koyuncu and Valerie Mei of Covington & Burling write: On 3 July 2020, the German parliament passed a draft bill (German language) for patient data protection and for more digitalisation in the German healthcare system (Patientendaten-Schutz-Gesetz). The draft bill is currently in the legislative procedure and is expected to enter into force in…
Security researcher publishes details and exploit code for a vBulletin zero-day
Catalin Cimpanu reports: A security researcher has published details and proof-of-concept exploit code for a zero-day vulnerability in vBulletin, one of today’s most popular forum software. The zero-day is a bypass for a patch from a previous vBulletin zero-day — namely CVE-2019-16759, disclosed in September 2019. Read more on ZDNet. Lawrence Abrams of BleepingComputer has…