NBC10 reports: If you’ve ever been pulled over by police or had an ambulance rush to your home, laptop computers offer a way for first responders to check some of your most personal information. Former Chester County Technical Communications Specialist David Cucchi insists however that the laptops in his county also offered a glaring opportunity…
Category: Commentaries and Analyses
What kind of month was April for health data breaches?
Protenus has published its Breach Barometer for April, with data and some analyses provided by this site. The analyses were based on the following incidents: Amedisys Home Health Area Agency of Aging 1-B: On March 31, 2017 the Area Agency on Aging 1-B (AAA 1-B) became aware of an unintentional potential disclosure of the personal health information…
Court Applies Work Product Protection to Breach Investigation Reports
Al Saikali of Shook Hardy & Bacon LLP writes about a key issue that has come up a number of times in discussing incident response and liability: One of the most significant questions in data security law is whether reports created by forensic firms investigating data breaches at the direction of counsel are protected from…
Substantial Risk of Harm in Data Breach Class Actions Ripe for Supreme Court Review
Jonathan Forman writes: Early in May, the U.S. Court of Appeals for the Second Circuit in Whalen v. Michaels Stores, Inc., No. 16-260 (L) (2d Cir. May 2, 2017), affirmed the dismissal of a data breach class action brought against Michaels Stores Inc. (Michaels) for failing to sufficiently allege an injury to support standing. This…
“Shoot the messenger:” NYC hospital and vendor threaten DataBreaches.net for reporting on their security failure
Vendor’s mistake potentially exposed “millions” of Bronx-Lebanon Hospital patients’ information; Hospital and vendor try to claim that iHealth Solutions was “hacked” by security researchers who uncovered the security problem; Hospital and vendor issue series of demands, threaten DataBreaches.net for reporting on incident; On May 3, Kromtech Security’s research team, conducting routine research, found that confidential and sensitive patient…
EPIC v. FBI: Agency Cyber Hack Notification Procedures Fall Short
Via EPIC.org: In Freedom of Information Act lawsuit EPIC v. FBI, EPIC has obtained the FBI notification procedures that would have applied to the Russian cyberattacks during the 2016 Presidential election. The documents obtained by EPIC establish that the FBI Cyber Division is to “notify and disseminate meaningful information to victims and the CND [Computer Network…