Joseph J. Lazzarotti writes: A recent study at the University of Arkansas suggests that organizations should avoid doing too much for individuals affected by a data breach. That is, when organizations provide compensation to breach victims that exceeds the victims’ expectations it could backfire. Those victims may become suspicious, thinking the organization has something to hide, which…
Category: Commentaries and Analyses
Fatal flaws in ten pacemakers make for Denial of Life attacks
Darren Pauli reports: A global research team has hacked 10 different types of implantable medical devices and pacemakers finding exploits that could allow wireless remote attackers to kill victims. Eduard Marin and Dave Singelée, researchers with KU Leuven University, Belgium, began examining the pacemakers under black box testing conditions in which they had no prior…
NYS audit of Glen Cove City School District finds deficiencies in IT procedures
NYS Comptroller DiNapoli has released the state’s audit of the Glen Cove City School District. The audit concerned portable electronic devices. Key findings from the audit: There was no written policy for notifying the IT office of new hires, keeping track of equipment assigned to employees and collecting equipment when an employee leaves District employment. The District’s…
Barrett Brown leaves prison still chained to a crime he didn’t commit
Dell Cameron reports: Dallas-based journalist Barrett Brown walked free from prison on Tuesday morning after spending more than four years behind bars. The 35-year-old cause célèbre, convicted in January 2015 after spending more than two years in pretrial confinement, faces a laundry list of post-release restrictions and obligations, including drug treatment, mental health evaluations, and computer monitoring. Read…
Data Breach Notification In the EU: A Comparison of US and Soon-To-Be EU Law
David A. Zetoony, Joshua A. James, Jena M. Valdetero, and Christopher M. Achatz of Bryan Cave provide an overview of significant differences between U.S. breach notification laws and the EU’s General Data Protection Regulation (“GDPR”). Here’s a snippet from their analysis: That said, there are several significant differences including: Type of Information Governed. Data breach notification laws in the United States apply…
Data manipulation heralds a new era of hacking
Here’s one of the nightmares I’ve occasionally had over the past two years: a healthcare entity gets hacked, but instead of patient data being stolen, it’s corrupted, leading to inaccurate patient medical records that result in wrong treatment or even fatal mistakes. Has it already happened? Data corruption is a risk that has always been mentioned in…