An audit concerning: Security of Personal, Private and Sensitive Information (PPSI) on Mobile Computing Devices and Extracurricular Cash Records and Collections Report of Examination Period Covered: July 1, 2014 – January 21, 2016 Of relevance to this site: The Pittsford Central School District (District) is governed by the Board of Education (Board), which is composed…
Category: Commentaries and Analyses
Plaintiffs Cannot Bring Data Breach Lawsuits Without Evidence That Information Will Be Used To Harm
Every time there’s a big breach that has consumers or patients outraged, I see rumblings in the Comments section of posts about class-action lawsuits. An article by John Devine, Edward McAndrew, and Gregory Szewczy of Ballard Spahr about a recent opinion in District Court for the D.C. Circuit is a timely reminder of the uphill battle plaintiffs may…
California dentist notifies patients of backup drive stolen from car
Why are we still reading reports of devices with unencrypted patient information being stolen from providers’ unattended vehicles? This is the second report this month I’ve read like this. And while it’s one thing to inform patients that you believe the device was stolen for commercial value and not contents, does this letter go too far…
Athens Orthopedic Clinic incident response leaves patients in the dark and out of pocket for protection
On June 26, after learning that databases with patients’ protected health information had been put up for sale on the dark web, DataBreaches.net began investigating and trying to alert the victim entities so that they could take immediate steps to try to mitigate harm to patients. By that evening, I had sent an email to Athens Orthopedic…
Axing Boss Is Data Breach Response Last Resort
Jimmy Koo reports: Scapegoating the boss over a cybersecurity incident that compromises customer data or reveals unsavory internal communications usually isn’t the first option in a breach response. Data breaches may result in consumer class actions, organizational embarrassment, a drop in the price of a company’s stock and brand reputation damage, but top executives generally…
Why We Should Score Data Breaches
Dan Munro had an interesting conversation with Jeff Williams of Contrast Security at BlackHat, which led to a draft scoring system for data breaches and corporate responses: Tone – Is the announcement apologetic and not blaming? Does it acknowledge that there should have been better defenses and that the breach should have been detected and been…