The United States Department of Homeland Security (DHS) has released guidelines and points of contact for reporting cyber incidents to the Federal Government. This communication follows the recent release of Presidential Policy Directive 41 (PPD-41)—United States Cyber Incident Coordination—which outlines how the Federal Government will handle cyber incidents. Users and administrators are encouraged to review these documents…
Category: Commentaries and Analyses
HHS seeks threat information sharing system for health sector
Amanda Ziadeh reports: The Department of Health and Human Services is looking to strengthen the privacy and security of health care information by sharing cyber threat data with partner agencies and stakeholders. HHS’ Office of the National Coordinator for Health Information Technology and the Assistant Secretary for Preparedness and Response released funding opportunities for an…
Pregnancy-tracking app was riddled with vulnerabilities, exposing extremely sensitive personal information
Cory Doctorow reports: Consumer Reports Labs tested Glow, a very popular menstrual cycle/fertility-tracking app, and found that the app’s designers had made a number of fundamental errors in the security and privacy design of the app, which would make it easy for stalkers or griefers to take over the app, change users’ passwords, spy on…
NAIC Cybersecurity Task Force Weighs Credit Freezes
As a resource for my site visitors, I thought I’d mention an article by Josephine Cicchetti and Laura Wall on the relative merits of a credit freeze as opposed to credit monitoring if you are notified that your data has been caught up in a data breach. For a number of years now, both Brian Krebs…
MO: A second TheDarkOverlord target confirms hack (updated)
In the past 24 hours, two of TheDarkOverlord’s targets have publicly acknowledged breaches previously reported by this site. Yesterday, it was the Athens Orthopedic Clinic in Georgia who issued a public statement (previous coverage). Today, it’s a group of clinics in Farmington, Missouri (previous coverage). Daily Journal Online reports: The medical group which includes Midwest…
Woman sues Pennington County authorities for alleged violation of her civil rights
File this under “small breach, huge harm.” Mike Anderson reports that a woman is suing Pennington County because employees at City County Alcohol Drug Program (CCADP) violated federal law when they notified law enforcement that they had found a used syringe in her possession when she came to them, seeking help. Their notification appears taboo to me under…