On May 10, when DataBreaches.net first reported that the American Medical Collection Agency had been breached, we reported that information from 200,000 payment cards had been found for sale on a top-tier market by Gemini Advisory analysts, whose investigation linked those cards to AMCA. At the time, we did not know how many other payment…
Category: Commentaries and Analyses
Premera Reaches Proposed $74M Settlement Over 2014 Breach of 11M
Jessica Davis reports: Premera Blue Cross reached a proposed $74 million settlement with the 11 million patients impacted by its 2014 breach, caused by a sophisticated cyberattack that lasted for nearly one year before it was discovered. In January 2015, Premera officials discovered the breach that began nearly a year earlier in May 2014. Premera, Premera…
Health Quest phishing incident in 2018 results in notification to patients, but why such a long delay?
Today’s Poughkeepsie Journal has a news story about a phishing incident that appears to have been discovered in July, 2018 that affected an unspecified number of Health Quest patients. From the available information, it sounds like Health Quest first discovered email attachments in January, 2019, and then it took them until April 2, 2019 to…
Utah knew the company it picked to create standardized tests had a history of crashes and cyberattacks. It signed a $44 million contract with Questar anyway.
Courtney Tanner reports: In other states, the year-end tests were marked by glitches and cyberattacks and hourlong delays. One school district threw out its results because the software was so unreliable. In another, all of the students had to start over when the programming shut down and didn’t save their responses. Sensitive student data was…
It’s been a strange week, Part 2. An open letter to Twitter.
This was a strange week. It started off great, but then, there I was in a private (DM) conversation on Twitter with Chris Vickery, and alluva sudden, I get a message that my Twitter account was suspended. I refreshed the screen and got the same message. I logged out, logged back in, and was still…
Legislative Roundup: New Laws Passed in Arkansas, Oklahoma, and Maryland That Revise Cyber Security Measures
Steven Erkel and Kaeley Brown of Alston & Bird write: Arkansas In April, Arkansas’ Governor signed H.B. 1943 as Act 1030 expanding the scope of personal information, as used in the Personal Information Protection Act, to include “biometric data.” The Bill defines “biometric data” as “data generated by automatic measurements of an individual’s biological characteristics,…