As regular readers know by now, DataBreaches.net compiles data from health data breaches in the U.S. for Protenus, Inc. For the past few years, Protenus published monthly statistics and analyses, but this year, shifted to a quarterly report with more analyses and some fascinating proprietary data. Here’s an example of what you’ll find in their…
Category: Commentaries and Analyses
Samsung Galaxy S7 smartphones vulnerable to Meltdown hacking: researchers
Jack Stubbs reports: Samsung’s Galaxy S7 smartphones contain a microchip security flaw, uncovered earlier this year, that has put tens of millions of devices at risk to hackers looking to spy on their users, researchers told Reuters. The Galaxy S7 and other smartphones made by Samsung Electronics Co Ltd (005930.KS) were previously thought to be…
Unixiz Agrees to Shutter “i-Dressup” Site and Pay Penalty to Settle Charges Under COPPA and the New Jersey Consumer Fraud Act
From Hunton Andrews Kurth: On August 3, 2018, California-based Unixiz Inc.(“Unixiz”) agreed to shut downits “i-Dressup” website pursuant to a consent order with the New Jersey Attorney General, which the company entered into to settle charges that it violated the Children’s Online Privacy Protection Act (“COPPA”) and the New Jersey Consumer Fraud Act. The consent orderalso…
OpenEMR patches serious vulnerabilities uncovered by Project Insecurity
Everyone has their own definition of a good day. Mine includes preventing breaches of patient medical information. Today qualifies as a good day, thanks to Project Insecurity. OpenEMR is open source software for managing electronic medical records (EMR) and other practice management functions. According to Wikipedia, OpenEMR is one of the most popular free electronic medical…
SEC Fines Mizuho for Failing to Protect Customer Data
Peter A. Kurtz and Craig A. Newman write: It is not enough for companies to establish policies and procedures designed to prevent the misuse of material nonpublic information. Companies must also enforce those policies and procedures. That’s the lesson from the U.S. Securities and Exchange Commission’s recent settlement with Mizuho Securities USA LLC (“Mizuho”), a broker-dealer,…
11th Circuit Decision in LabMD Case Could Have Repercussions Beyond the FTC
F. Paul Greene and Daniel J. Altieri consider the landscape after the 11th Circuit’s decision in the LabMD case, noting the state-level Unfair and Deceptive Acts and Practices (“UDAP”) laws and The Nationwide Assurance of Voluntary Compliance may become more prominent as tools for data security enforcement actions. They write, in part: The Nationwide Assurance…