Sean McIntyre reports: As reported in our 2017 Data Security Incident Response Report, plaintiffs allege potential future harm as a basis for injury in 80 percent of data breach lawsuits. But are allegations of future harm sufficient to meet Article III’s cases-and-controversies requirement, specifically with regard to the injury-in-fact element of standing? Despite the prevalence…
Category: Commentaries and Analyses
HHS is considering changes to OCR’s ‘wall of shame’—and experts are divided on the impact
Evan Sweeney reports: The Department of Health and Human Services is exploring potential changes to the agency’s “wall of shame,” a legislatively mandated website that tracks healthcare data breaches dating back to 2009. During a hearing addressing cybersecurity concerns in healthcare last week, Leo Scanlon, deputy chief information security officer at HHS, told Rep. Michael…
UK: Gloucester City Council fined by ICO for not updating OpenSSL promptly, which permitted Heartbleed exploitation by Anonymous
The Information Commissioner’s Office (ICO) has fined Gloucester City Council £100,000 after a cyber attacker accessed council employees’ sensitive personal information. The attacker took advantage of a weakness in the council’s website in July 2014, which led to over 30,000 emails being downloaded from council mailboxes. The messages contained financial and sensitive information about council…
You shot the messenger and then needed her help? How did that work out for you?
Some readers might appreciate an update as to what happened when Bronx-Lebanon Hospital Center and iHealth Solutions sent legal threat letters to this site after I notified them and reported that they were leaking protected health information. As I previously noted, I was – and remain – very grateful to Covington & Burling for their representation of me and this…
Romania: Haven for hackers turned cyber sleuths
Vlad Odobescu reports: Razvan Cernaianu once surfed the Internet anonymously and easily broke into the computer systems for NASA, the Pentagon and Oracle. Then he became part of a legion of hackers that turned Romania into a center of international cyber fraud investigators. Now, the 25-year-old is co-founder of Cyber Smart Defense, a security firm…
HospitalGown Database Leak: Enterprise Apps Found Leaking Data On Back End Servers
AJ Dellinger reports: Mobile apps for enterprise services that manage data are leaving massive troves of user information exposed and unprotected on backend servers, according to a group of security researchers. Experts at Appthority, a mobile security firm, published a report that showed 43 terabytes of data from enterprise apps left exposed. The information was…