Doug Drinkwater reports what regular readers have likely already noticed: following a data breach, customers are upset, some will be reluctant to do business again with the entity, there may be brand or reputation damage to the firm, but big businesses survive and will continue to grow or rebound. So there may or may not be reputation…
Category: Commentaries and Analyses
40,000 Packages of Backlogged Claims Material Discovered at Single VA Office
This is absolutely disgraceful. Morgan Chalfant reports: More than 40,000 backlogged mail packages of veterans’ disability claims material were discovered at a VA regional office in Florida, according to a new report from the VA inspector general. Investigators also found more than 1,600 boxes of unprocessed veterans’ claims material at a scanning facility with which the St….
Watchdog slams laptop security at Dept. of the Interior
Greg Otto reports: Nearly 12,000 Interior Department laptops are inadequately protected against the theft of personally identifiable information due to poorly configured software. In a management advisory obtained by FedScoop, the department’s Deputy Inspector General Mary Kendall wrote that a large number of laptops have their full-disk encryption software configured to run post-boot user authentication,…
‘Unprecedented’ Hacking Campaign By The FBI Targeted Over A Thousand Computers
Kavita Iyer reports: Two New York men in the summer of 2015 were accused of online child pornography crimes for allegedly visiting a site that was a Tor hidden service. The site apparently would safeguard the identity of its users and server location. However, with the Federal Bureau of Investigation (FBI) using a hacking tool…
Scope of Preemption in Proposed Data Security Legislation is Uncertain
David Bender writes: According to a recent analysis by the Congressional Research Service (“CRS”), the extent of state law preemption in recent federal legislative proposals relating to data security is unclear. Several bills introduced in the 114th Congress would impose federal data security or breach notification requirements on covered entities, similar to existing requirements in nearly every…
Henry Schein settles FTC charges it misled customers about encryption of patient data
It appears the FTC acted on a complaint I filed with them last year concerning Henry Schein Dental’s use of the word “encryption” in their marketing and their refusal to individually notify customers that the “encryption” provided by Dentrix G5 was not NIST-grade encryption that would give them Safe Harbor under HIPAA. Background on my concerns…