David Silverman writes: [Eric’s intro: this blog post helps distill Judge Koh’s two rulings, In re Anthem Inc. Data Breach Litig., No. 15-MD-02617 (N.D. Cal. Feb. 16, 2016) (“Anthem I”) and In re Anthem Inc. Data Breach Litig., No. 15-MD-02617 (N.D. Cal. May 27, 2016) (“Anthem II”). These are complicated opinions, and I hope this post helps…
Category: Commentaries and Analyses
Third Circuit Considers Injury-in-Fact Requirement for Data-Breach Class Actions
Natalie Garcia and Charles W. Mondora write: Two class actions currently pending in the United States Court of Appeals for the Third Circuit, In re Horizon Healthcare Services Inc. Data Breach Litigation (D. N.J. Mar. 31, 2015), appeal docketed, No. 15-2309, and Storm v. Paytime, 90 F.Supp. 3d 359 (M.D. Pa. 2015), appeal docketed, No. 15-3690, are being monitored closely…
Extortion demand on Athens Orthopedic Clinic escalates as patient data is dumped
On June 26, DataBreaches.net reported that several databases with patient information had allegedly been hacked and put up for sale on the dark net by hackers calling themselves TheDarkOverlord (TDO). This site subsequently identified one of the entities as the Athens Orthopedic Clinic in Georgia, and contacted them to alert them that it appeared that…
DHS Announces Cyber Incident Reporting Information: US-CERT
The United States Department of Homeland Security (DHS) has released guidelines and points of contact for reporting cyber incidents to the Federal Government. This communication follows the recent release of Presidential Policy Directive 41 (PPD-41)—United States Cyber Incident Coordination—which outlines how the Federal Government will handle cyber incidents. Users and administrators are encouraged to review these documents…
HHS seeks threat information sharing system for health sector
Amanda Ziadeh reports: The Department of Health and Human Services is looking to strengthen the privacy and security of health care information by sharing cyber threat data with partner agencies and stakeholders. HHS’ Office of the National Coordinator for Health Information Technology and the Assistant Secretary for Preparedness and Response released funding opportunities for an…
Pregnancy-tracking app was riddled with vulnerabilities, exposing extremely sensitive personal information
Cory Doctorow reports: Consumer Reports Labs tested Glow, a very popular menstrual cycle/fertility-tracking app, and found that the app’s designers had made a number of fundamental errors in the security and privacy design of the app, which would make it easy for stalkers or griefers to take over the app, change users’ passwords, spy on…