PAP reports: Downloading personal data from the national identification number (PESEL) database is well within the rights of bailiff offices, as a way of verifying if they are targeting the right person. But the sheer amount of downloads has raised concerns that the data may have been used for purposes other than intended. For example,…
Category: Commentaries and Analyses
The number of Texas companies held accountable for data breaches?
Shawn Shinneman reports: The Office of the Attorney General hasn’t disciplined a single Texas company for failing to notify customers of a data breach – and records show it is only directly notified of a small portion of the incidents, the Dallas Business Journal has learned. The issue could stem from the way Texas’ cybersecurity…
Lewis-Palmer School District tries to downplay vulnerability and chill a concerned parent’s speech
Back in May and then again in July, I noted several articles about Lewis-Palmer School District 38 in Colorado. A parent had raised concerns about whether the Infinite Campus platform might have compromised more than 2,000 students’ personal and academic information. The parent also alleged that the district had known about the problem since September…
America’s Schools Have A Big Cybersecurity Problem
Jason Glassberg of Casaba Security writes: With the 2016-2017 school year already underway, it’s time to draw attention to an ongoing and very serious problem facing the US education system: our schools are ill-equipped to face the mounting threats posed by hackers. While the education system isn’t the worst US industry in terms of cybersecurity,…
Prosthetic & Orthotic Care patient info remains publicly exposed
First, a quick update on the Athens Orthopedic Clinic breach: It took two requests, but I’m pleased to report that Pastebin removed three pastes with over 1,350 patients’ information. Those pastes were separate from an earlier paste with an additional 500 patients’ information. News outlets that continue to report that 500 patients’ information was exposed and put up for sale are, to…
When is a PHI breach reported to HHS not a breach of PHI?
Back in March, this site reported on an incident disclosed by the Eye Institute of Corpus Christi. The incident involved individuals copying the patient database and providing it to doctors formerly associated with the entity. The doctors then allegedly used the information to recruit patients to their practice. It was not clear from the notification…