Adams County, WI disclosed a breach in August that affected 258,000 and may have been an insider breach. But they only notified HHS/OCR of that breach a few weeks ago. I wonder why. There’s nothing on their site to explain the late notification.
Category: Commentaries and Analyses
Privacy and Cybersecurity: A Global Year-End Review
There have been a number of reviews of privacy and security news in 2018. Here’s one by Jadzia Pierce of Covington & Burling, the law firm that has represented my blogs for lo, these many years. I thank them for their ongoing support of my work, and wish them all a happy and healthy New Year in 2019….
Breaches have (advertising cost) consequences for hospitals
The following is the abstract of an observational study published on The American Journal of Managed Care. The TL;DR version seems to be that if entities were to spend more proactively on security, they might not have to pay about 64% more annually in advertising costs over the next two years following a breach. Understanding…
How To Protect Healthcare Records In A Zero Trust World
Louis Columbus writes: There’s been a staggering 298.4% growth in the reported number of patient records breached as a result of insider-wrongdoing this year alone according to Protenus. The total disclosed number of breached patient records has soared from 1.1M in Q1 2018 to 4.4M in Q3 2018 alone, 680K of which were breached by insiders. There…
Ships infected with ransomware, USB malware, worms
Catalin Cimpanu reports: Ships suffer from the same types of cyber-security issues as other IT systems, a recent document released by the international shipping industry reveals. The document is the third edition of the “Guidelines on Cyber Security onboard Ships,” an industry-approved guide put together by a conglomerate of 21 international shipping associations and industry…
No Data Breach, No Case
Michael Mayer of Faruki writes: An Ohio federal district court recently handed down a ruling that will make companies storing client data breathe a sigh of relief. In Williams-Diggins v. Mercy Health, Case No. 3:16-cv-1938 (N.D. Ohio), a patient sued a health system because of deficient patient information software. (The defendant-health system certified that it subsequently…