There are ways to bury a breach disclosure other than waiting until after 3 pm on the Friday of a holiday weekend. Brian Krebs reports: Amid the hustle and bustle of the RSA Security Conference in San Francisco last week, researchers at RSA released a startling report that received very little press coverage relative to its overall…
Category: Commentaries and Analyses
Vets lose privacy lawsuit against VA after unencrypted data is stolen from hospital
Patrick O’Neill reports: After multiple thefts and data breaches related to the unencrypted personal information of 7,400 U.S. veterans out of a Veterans Affairs hospital, an appeals court dismissed a lawsuit this month in which patients alleged violations of the Privacy Act and Administrative Procedure Act. The veterans claimed at least seventeen more data breaches have occurred at Wm….
Patient info goes for how much on the dark web?
So the next time you read a report about how much money patient info goes for on the dark web or read estimates about $200/record, perhaps you should shop around, because medical records and health insurance info can be dirt cheap. This vendor will apparently sell you two patients’ records with their Social Security number, date…
Malware Used to Attack Polish Banks Contained False Flags Blaming Russian Hackers
Catalin Cimpanu reports: Malware samples used in the recent attacks against several Polish banks contained planted evidence that attempted to blame the attacks on Russian-speaking hackers. These false flags, as the (IT and real-world) security community refers to these planted clues, were discovered by Sergei Shevchenko, a Russian-speaking security expert for BAE Systems. In a report published this morning,…
The CoPilot Provider Support Services incident: The HIPAA issue
In the first part of a discussion of an incident reported by CoPilot Provider Support Services, this site reported claims by John Witkowski, a former employee, that CoPilot had not reported accurately on the incident. In this part, we focus on just one of CoPilot’s claims – that they are not a business associate under HIPAA….
OCR investigating CoPilot Provider Support Services breach; former employee lodged complaint
When CoPilot Provider Support Services recently disclosed a security incident that they had known about since 2015, their statements might have led you to believe that a disgruntled former employee had hacked them or misused previously authorized access, and that law enforcement might be looking into criminal charges. If you thought that, you were wrong on both counts. CoPilot Provider Support Services (“CoPilot”) describes itself…