Jimmy H. Koo reports: Health insurance, financial services, and payment card companies failed to keep a California attorney’s identity theft lawsuit in federal court and must face the allegations back in state court, the U.S. District Court for the Northern District of California held May 31 (Gallo v. Unknown No. of Identity Thieves,…
Category: Commentaries and Analyses
INFORMATION SECURITY: FDIC Needs to Improve Controls over Financial Systems and Information
From: INFORMATION SECURITY: FDIC Needs to Improve Controls over Financial Systems and Information GAO-17-436: Published: May 31, 2017. Publicly Released: May 31, 2017. What GAO Found The Federal Deposit Insurance Corporation (FDIC) implemented numerous information security controls intended to protect its key financial systems. However, further actions are needed to address weaknesses in access controls—including boundary…
Another day, another litigation threat
I am really out of patience for people threatening me or my site. Look at this one: I need to you get rid of an article off of your website: The link is: https://www.databreaches.net/cytta-reports-online-hacking-of-their-nevada-secretary-of-state-officer-and-director-data/ Steffan Dalsgaard is not guilty of these allegations, no one except your website has accused him of hacking the state of Nevada. Nevada has…
HHS OIG: Virginia failed to secure Medicaid data
Jessica Kim Cohen reports that a Virginia audit has highlighted security issues with Medicaid data: During its audit, OIG found Virginia’s Medicaid data and systems did not meet federal standards. MMIS had “numerous significant system vulnerabilities,” despite having a security program in place, according to OIG. These vulnerabilities related to Virginia’s control over the data…
Calling time of death on HHS’s “breach tool”
I was excited back in 2010 when HHS started posting breaches on what some would call the “wall of shame.” I knew that we’d only learn about breaches involving HIPAA-covered entities, but at least we were finally starting to get some actual data. Now, more than 6 years later, it’s become clear to me that it’s probably best to just call time of death…
Where is the future of HIPAA enforcement headed?
Ira Parghi of Ropes & Gray writes: Since January 2016, the OCR has entered into resolution agreements with, and imposed Corrective Action Plans (CAPs) on, providers and others in at least 12 matters involving the Security Rule. It has also imposed a Civil Monetary Penalty on one entity. Most of these cases involve stolen, unencrypted…