Commentaries and Analyses – Page 401

FTC Finalizes Settlement with Utah Company and its former CEO over Allegations they Failed to Safeguard Consumer Data

Posted on January 6, 2020 by Dissent

The Federal Trade Commission has granted final approval to a settlement with a Utah-based technology company related to allegations that the firm failed to put in place reasonable security safeguards, allowing a hacker to access the personal information of more than a million consumers. The FTC alleged that InfoTrax Systems, L.C. and its former CEO Mark Rawlins failed to…

7 security incidents that cost CISOs their jobs

Posted on January 2, 2020 by Dissent

Dan Swinhoe reports on 7 incidents that resulted in CISOs losing their job. Before you click on the link to read the story, see if you can name the 7 companies from memory or prediction. I’ll give you one hint to be fair: these are not all incidents in which the CISO was fired or…

Ghosts in the Clouds: Inside China’s Major Corporate Hack

Posted on January 2, 2020 by Dissent

Rob Barry and Dustin Volz report: The hackers seemed to be everywhere. In one of the largest-ever corporate espionage efforts, cyberattackers alleged to be working for China’s intelligence services stole volumes of intellectual property, security clearance details and other records from scores of companies over the past several years. They got access to systems with…

West Georgia Ambulance Company Pays $65,000 to Settle Allegations of Longstanding HIPAA Noncompliance

Posted on December 31, 2019 by Dissent

Are you surprised to see a settlement with HHS arising from an investigation that began when an entity reported a stolen laptop in 2013? Keep reading this notice from HHS to find an explanation: West Georgia Ambulance, Inc. (West Georgia), has agreed to pay $65,000 to the Office for Civil Rights (OCR) at the U.S….

As 2019 draws to a close, some entities are taking harder look at storing PHI in employee email accounts

Posted on December 30, 2019 by Dissent

Okay, so two exemplars doesn’t prove any kind of trend, but I’m glad to see some entities now taking steps to reduce how much PHI is stored in employee email accounts. Here are two recent incidents, both reported to HHS in December: Healthcare Administrative Partners (HAP) is a Pennsylvania-based business associate under HIPAA. On December…

Vistaprint Logomaker files viewable due to insecure Amazon s3 bucket

Posted on December 28, 2019 by Lee J

Vistaprint. Everyone knows it and probably almost everyone knows somebody who has used the firm to design or print business cards, brochures, or other business-related stationery or marketing-related materials. Recently I was on Vistaprint’s site to create a new logo for ctrlbox.com. To my unpleasant surprise, I discovered that the preview of my logo displayed…