Back in May and then again in July, I noted several articles about Lewis-Palmer School District 38 in Colorado. A parent had raised concerns about whether the Infinite Campus platform might have compromised more than 2,000 students’ personal and academic information. The parent also alleged that the district had known about the problem since September…
Category: Commentaries and Analyses
America’s Schools Have A Big Cybersecurity Problem
Jason Glassberg of Casaba Security writes: With the 2016-2017 school year already underway, it’s time to draw attention to an ongoing and very serious problem facing the US education system: our schools are ill-equipped to face the mounting threats posed by hackers. While the education system isn’t the worst US industry in terms of cybersecurity,…
Prosthetic & Orthotic Care patient info remains publicly exposed
First, a quick update on the Athens Orthopedic Clinic breach: It took two requests, but I’m pleased to report that Pastebin removed three pastes with over 1,350 patients’ information. Those pastes were separate from an earlier paste with an additional 500 patients’ information. News outlets that continue to report that 500 patients’ information was exposed and put up for sale are, to…
When is a PHI breach reported to HHS not a breach of PHI?
Back in March, this site reported on an incident disclosed by the Eye Institute of Corpus Christi. The incident involved individuals copying the patient database and providing it to doctors formerly associated with the entity. The doctors then allegedly used the information to recruit patients to their practice. It was not clear from the notification…
Unorthodox Muddy Waters Partnership Targets St. Jude’s Devices
More on a situation I noted yesterday. This approach to using/monetizing vulnerability discoveries is downright scary…. but will it work to improve security? Here’s one of your must-reads for today. Jordan Robertson and Michael Riley report: When a team of hackers discovered that St. Jude Medical Inc.’s pacemakers and defibrillators had security vulnerabilities that could put…
St. Jude: Pacemaker hacking claims ‘absolutely untrue’
Matt Egan reports: St. Jude Medical rejected claims made by a famous short seller on Thursday that the company’s pacemakers and other lifesaving devices are vulnerable to cyber attacks. The allegations, made in a detailed 34-page report by Muddy Waters founder Carson Block, were enough to spook investors on Wall Street. St. Jude’s stock plummeted…