Dan Munro had an interesting conversation with Jeff Williams of Contrast Security at BlackHat, which led to a draft scoring system for data breaches and corporate responses: Tone – Is the announcement apologetic and not blaming? Does it acknowledge that there should have been better defenses and that the breach should have been detected and been…
Category: Commentaries and Analyses
Hold On, You Didn’t Overpay for That: Courts Address New “Overpayment” Theory from Plaintiffs in Data Breach Cases
Andrew C. Glass, David D. Christensen and Matthew N. Lowe of K&L Gates write: With the ever-increasing amount of personal information stored online, it is unsurprising that data breach litigation has become increasingly common. A critical issue in nearly all data breach litigation is whether a plaintiff has standing to pursue claims—especially where there is…
What HHS may not do, a state might
Back in June, 2014, this site noted two breaches disclosed by Rady Children’s Hospital in San Diego that involved patient data being disclosed to job applicants. Later that month, we learned that in the process of investigating the two known breaches, Rady uncovered two more such breaches. Rady duly notified HHS in June, 2014. More than two years later, there…
Analysis of World Check data leak by Risk Based Security: Hackers & Collectives
From RBS: In early July, it was revealed that a Thomson Reuters service known as World-Check had licensed information to a client that subsequently failed to secure the database. The leak, discovered by Chris Vickery, affected over 2.2 million persons identified as “heightened-risk individuals” that had been included in the World-Check database between 3/17/2000 and 9/17/2014. Shortly after the discovery, Risk…
Analysis of July healthcare data breaches
What kind of month was July for breaches involving health information. I counted 39 incidents reported during the month. Read Protenus’s blog for an analysis of the incidents. Update: Tom Sullivan of HealthcareITNews has a great write-up on the blog post.
An Assessment of the Anthem Data Breach Litigation Rulings
David Silverman writes: [Eric’s intro: this blog post helps distill Judge Koh’s two rulings, In re Anthem Inc. Data Breach Litig., No. 15-MD-02617 (N.D. Cal. Feb. 16, 2016) (“Anthem I”) and In re Anthem Inc. Data Breach Litig., No. 15-MD-02617 (N.D. Cal. May 27, 2016) (“Anthem II”). These are complicated opinions, and I hope this post helps…