CISOMag reports on a recent survey and report, Assessment of Employee Susceptibility to Phishing Attacks at US Health Care Institutions, authored by Dr. William Gordon and colleagues. Not surprisingly, the survey found that the healthcare sector was susceptible to phishing attacks. How susceptible, you wonder? William specified that when the researchers sent simulated phishing emails,…
Category: Commentaries and Analyses
Businesses lag on data breach response times
I’ve recently commented a few times on delays to notification in the healthcare sector. Out-Law.com has a piece on data breach response times in the U.K. that provides some useful comparisons. Businesses in the UK took an average of 21 days to report personal data breaches they had identified to the Information Commissioner’s Office (ICO)…
Stolen N.W.T. laptop was among dozens that were unencrypted and handed out to unsuspecting staff anyway
This is Part 3 of a 3-part series on a stolen laptop. If you missed the earlier parts, you can find them here: Part 1 and Part 2. Priscilla Hwang reports: The N.W.T. government’s information technology division knew a set of laptops were “very difficult” to encrypt, but still handed it out for government staff…
MA: Release of employees’ partial Social Security numbers troubles Worcester teachers, School Committee members
Scott O’Connell reports: Teachers and School Committee members are looking for answers from the School Department in the wake of the district’s release of personal information for thousands of school employees to a testing company last year. According to Worcester Superintendent Maureen Binienda, the district’s IT department opted to use the last four digits of…
NY Appellate Court Slams Use of Hacked Email
Craig A. Newman of Patterson Belknap writes: When we hear about discovery abuses in litigation, we often think of overzealous lawyers using obstructionist tactics. Such behavior, however, rarely involves litigants hacking into the email of an adversary or accessing privileged attorney-client communications that disclose litigation strategies. But in a unanimous rulinglast week, a New York…
FTC Proposes to Add Detailed Cybersecurity Requirements to the GLBA Safeguards Rule
Mike Nonaka, Libbie Canter, David Stein and Sam Adriance of Covington & Burling write: On March 5, 2019 the Federal Trade Commission (“FTC”) published requests for comment on proposed amendments to two key rules under the Gramm-Leach-Bliley Act (“GLBA”). Most significantly, the FTC is proposing to add more detailed requirements to the Safeguards Rule, which…