Ryan Amos, Mihir Kshirsagar, Ed Felten, and Arvind Narayanan write: We couldn’t help noticing that the recent Yahoo and Equifax data breach settlement notifications look a lot like phishing emails. The notifications make it hard for users to distinguish real settlement notifications from scams. For example, they direct users to URLs on unfamiliar domains that are not clearly…
Category: Commentaries and Analyses
A leak report quietly disappears, leaving questions in its wake
On October 8, Jeremiah Fowler reported that he had discovered a non-password protected database that contained what appeared to be information regarding healthcare workers and traveling nurses. If you had read the report on Security Discovery at the time, you would have read that almost one million people were potentially affected. Based on that reporting,…
Dental Delta of Arizona discloses phishing attack possibly compromising PII and PHI
Another day, another report of a data security incident because an employee fell for a phishing attack and the entity can’t be sure whether any protected health information or PII was actually accessed. Delta Dental of Arizona disclosed a July 8 incident this week. According to their press release, and after reiterating that they were…
Senator Warner wants to know what HHS OCR did in response to massive leak of patient medical images by organizations
This is a press release you may want to really read as it raises a number of important questions to HHS OCR as to how they do things — and how quickly (or not quickly). Nov 08 2019 WASHINGTON – U.S. Sen. Mark R. Warner (D-VA), Vice Chairman of the Senate Intelligence Committee and co-founder of the…
Main Street Clinical Associates, PA Notifies Patients After Looters Steal PHI
The press release below the separator on this page describes a statistically unusual incident; an explosion at a building adjacent to a covered entity caused an emergency evacuation in which files and file rooms were left open and unsecured. But then the entity and its employees were not allowed to re-enter the building for months….
City of Norman, OK temporarily suspends utility payment portal; ditches Click2Gov after another potential security incident
The City of Norman, Oklahoma has suspended its online portal for paying utility bills after they were notified of a potential security incident involving Click2Gov software by CentralSquare Technologies. At this point, the city seems to have had enough with Click2Gov security issues. The city is currently in the process of switching over to another…