CVS Pharmacy, Inc. v. Press America, Inc., 2018 WL 318479 (S.D.N.Y. 2018) A federal court has declined to dismiss a lawsuit filed by a pharmacy benefit manager (PBM) against a mail service that violated the HIPAA privacy rule when it misaddressed mail and improperly disclosed protected health information (PHI) of 41 individuals. The PBM, which…
Category: Commentaries and Analyses
Logs audit reveals The Peds in Las Vegas suffered insider-wrongdoing breach in 2014
There is so much wrong with this one that although I give them great credit for admitting they had a breach four years ago that they first discovered, I find their notification quite concerning. From The Pediatric Endocrinology and Diabetes Specialists, 5235 South Durango #103, Las Vegas, NV 89113: On 11 January 2018, during an audit of…
New Study of School Websites Reveals Widespread Online Security and Privacy Issues
According to a new study released today by EdTech Strategies, Tracking: EDU – Education Agency Website Security and Privacy Practices, state and local education agency websites were found to lack important security and privacy protections for students, families, and educators. “State department of education and school district websites have become indispensable for accessing information about…
Study: Alarming Number of Fortune 500 Credentials Found in Data Leaks
Ben Layer reports: Data breaches are common in the news lately, but a recent study by credential monitoring firm VeriClouds focuses specifically on the credentials of Fortune 500 employees found in account leaks posted online. Using a corpus of 8 billion stolen credentials gathered over three years, the total number of employees of each Fortune…
HHS OCR January 2018 OCR Cybersecurity Newsletter: Cyber Extortion
January 30, 2018 Incidents of cyber extortion have risen steadily over the past couple of years and, by many estimates, will continue to be a major source of disruption for many organizations. Cyber extortion can take many forms, but it typically involves cybercriminals’ demanding money to stop (or in some cases, to merely delay) their…
Hacking and phishing accounted for 75% of breaches reported to North Carolina in 2017
North Carolina issued a Security Breach Report for 2017. From the Executive Summary: This report provides a summary and discussion of the 1,022 data breaches reported to the North Carolina Department of Justice (NCDOJ) between January 1, 2017 and December 31, 2017. Under North Carolina law, businesses and state and local governments are required to…