In a recent white paper I co-authored with Protenus, Inc., we noted the significant risks of a breach involving a vendor or business associate. In following up in a subsequent post, I also included a “pop quiz” for readers to use to test their understanding about the terms of any contract they have in terms of…
Category: Commentaries and Analyses
InfoSec: FDA Needs to Rectify Control Weaknesses That Place Industry and Public Health Data at Risk
For years, Congress and federal regulators have been raising concerns about FDA’s infosecurity after a report of a hack in 2013. So while the FDA has been issuing lots of statements about securing medical devices and mobile apps, the GAO would like them to know that they need to do a better job on securing their own data: What…
FTC denies LabMD’s application for a stay of Commission’s Final Order
In what is likely to infuriate those who believe that the Federal Trade Commission has already abused its authority in its relentless enforcement action against a small cancer-detecting laboratory, the FTC has denied LabMD’s application for a stay of their final order while LabMD appeals to a federal court. In explaining its denial, the Commission said it looked at four…
Across US, police officers abuse confidential databases
Sadie Gurman and Eric Tucker report: Police officers across the country misuse confidential law enforcement databases to get information on romantic partners, business associates, neighbors, journalists and others for reasons that have nothing to do with daily police work, an Associated Press investigation has found. Criminal-history and driver databases give officers critical information about people…
Dozens of clinics, thousands of patients impacted by third-party data leak
EMR4all, Inc. was a California business providing free EMR software to physical therapy, speech therapy, and occupational therapy practices that used their associated patient billing service, Rehab Billing Solutions (RBS). Over the summer, they began shutting down operations and notifying their clients of their closure. Their effort to make a graceful exit wound up marred by a data…
Corporate Judgment Call: When to Disclose You’ve Been Hacked
Tatyana Shumsky reports: Companies are getting hacked more frequently but aren’t disclosing the incidents in their regulatory filings, a trend that worries investors. Just 95 of the nation’s roughly 9,000 publicly listed companies have informed the Securities and Exchange Commission of a data breach since January 2010, according to an analysis of their filings by…