In what is likely to infuriate those who believe that the Federal Trade Commission has already abused its authority in its relentless enforcement action against a small cancer-detecting laboratory, the FTC has denied LabMD’s application for a stay of their final order while LabMD appeals to a federal court. In explaining its denial, the Commission said it looked at four…
Category: Commentaries and Analyses
Across US, police officers abuse confidential databases
Sadie Gurman and Eric Tucker report: Police officers across the country misuse confidential law enforcement databases to get information on romantic partners, business associates, neighbors, journalists and others for reasons that have nothing to do with daily police work, an Associated Press investigation has found. Criminal-history and driver databases give officers critical information about people…
Dozens of clinics, thousands of patients impacted by third-party data leak
EMR4all, Inc. was a California business providing free EMR software to physical therapy, speech therapy, and occupational therapy practices that used their associated patient billing service, Rehab Billing Solutions (RBS). Over the summer, they began shutting down operations and notifying their clients of their closure. Their effort to make a graceful exit wound up marred by a data…
Corporate Judgment Call: When to Disclose You’ve Been Hacked
Tatyana Shumsky reports: Companies are getting hacked more frequently but aren’t disclosing the incidents in their regulatory filings, a trend that worries investors. Just 95 of the nation’s roughly 9,000 publicly listed companies have informed the Securities and Exchange Commission of a data breach since January 2010, according to an analysis of their filings by…
Report: Third-Party Breaches in the Healthcare Sector Are Nothing to Sneeze At
DataBreaches.net has reported on a number of breaches in the healthcare sector this year that involved third parties, so I thought that I’d try to compile them to see how 2016 was shaping up. The resulting chronology, available in a new report co-authored with Protenus, Inc., includes more than 60 incidents involving business associates or vendors. Highlights of the…
Nearly 800,000 FTP Servers Accessible Online Without Authentication
Catalin Cimpanu reports: A recent brute-force scan of FTP servers available online via an IPv4 address revealed that 796,578 boxes can be accessed without the need for any credentials. The perpetrator of this scan is a security researcher that goes by the name of Minxomat, owner of a cyber-security firm that performs these types of…