Shadab Nazmi reports: A bug had been found in India’s third largest mobile network which could have exposed the personal data of more than 300 million users. The flaw, discovered in the Application Program Interface (API) of Airtel’s mobile app, could have been used by hackers to access subscribers’ information using just their numbers. That…
Category: Commentaries and Analyses
NYC Health & Hospitals Corp. investigating alleged employee wrongdoing
NYC Health & Hospitals Corp. posted a notice this week (reproduced below) that suggests that a rogue employee may have been selling PHI to law firms or clinics that specialize in motor vehicle accident patients. Of note, this notice does not specify any one hospital where the employee worked. Did the employee have access to…
Fine against hospital due to data protection deficits in patient management
From the European Data Protection Board: The Commissioner for Data Protection and the Freedom of Information Rhineland-Palatinate imposed a fine of 105,000 euros on a hospital in Rhineland-Palatinate. The fine is based on several breaches of the General Data Protection Regulation in the framework of a patient mix-up when admitting the patient. This resulted in…
Merck cyberattack’s $1.3 billion question: Was it an act of war?
Riley Griffin of Bloomberg reports: By the time Deb Dellapena arrived for work at Merck & Co.’s 90-acre campus north of Philadelphia, there was a handwritten sign on the door: The computers are down. It was worse than it seemed. Some employees who were already at their desks at Merck offices across the U.S. were…
OCR Secures $2.175 Million HIPAA Settlement after Sentara Hospitals Failed to Properly Notify HHS of a Breach of Unsecured Protected Health Information
OCR has announced another settlement. This one involves Sentara Hospitals, and it’s a somewhat surprising one in the sense that Sentara not only seems to have gotten the fundamentals of HIPAA and notification compliance wrong, but then they seem to have insisted in their wrongheaded ways even after HHS told them what their obligations were. …
Google Fires Four Employees, Citing Data-Security Violations
Bloomberg reports: Google told staff on Monday that it fired four employees for what the company called “clear and repeated violations” of its data-security policies. Alphabet Inc.’s Google sent an email describing the decision to employees titled “Securing our data,” according to a copy of the document obtained by Bloomberg News. The company confirmed the…