So this is something that I don’t recall ever seeing before as part of an initial breach disclosure. CBS5 reports: A Phoenix dental office has an ongoing breach of protected health information, Arizona’s Family learned Monday. The U.S. Department of Health and Human Services Office of Civil Rights ordered Desert Valley Dental to inform the…
Category: Commentaries and Analyses
China Ministries Jointly Release Guidelines for Protecting Personal Information Online
Hunton Andrews Kurth writes: On April 11, 2019, the People’s Republic of China’s Network Security Bureau of the Ministry of Public Security, the Beijing Network Industry Association and the Third Research Institution of the Ministry of Public Security jointly released a “Guide to Protection of Security of Internet Personal Information (the “Guide”). The Guide presents…
Audit: HHS Info Security Program ‘Not Effective’
Marianne Kolbasuk McGee reports: The Department of Health and Human Services’ information security program has received a “not effective” rating as a result of several weaknesses found in an annual review of compliance with the Federal Information Security Management Act of 2014. The HHS Office of Inspector General report is based on an audit conducted…
Over Dozen Popular Email Clients Found Vulnerable to Signature Spoofing Attacks
Swati Khandelwal reports: A team of security researchers has discovered several vulnerabilities in various implementations of OpenPGP and S/MIME email signature verification that could allow attackers to spoof signatures on over a dozen of popular email clients. The affected email clients include Thunderbird, Microsoft Outlook, Apple Mail with GPGTools, iOS Mail, GpgOL, KMail, Evolution, MailMate,…
SEC Warns Advisers Over Privacy Compliance Issues
Craig A. Newman of Patterson Belknap writes: The Securities and Exchange Commission is warning investment firms to step up their game when it comes to following the agency’s privacy rules. In a Risk Alert issued by the Office of Compliance Inspections and Examinations (OCIE), a laundry list of compliance “deficiencies or weaknesses” were identified in…
Now it’s personal: 32 jailed in China for stealing 39 million pieces of private data
Mandy Zuo reports: A three-year investigation by police in southwest China into personal data theft has ended with 32 people behind bars and several more awaiting trial, state media reported. More than 50 people were detained by police in Chongqing as part of a nationwide effort to track down and dismantle a criminal gang known…