Tom Spring reports: Late last month, TrapX Labs’ security team spotted an uptick in the prevalence of a new more virulent strain of malware targeting hospitals and their IoT equipment. Researchers discovered attackers targeting unpatched medical equipment running Windows XP and Windows 7 with variations of attacks such as the Conficker worm, long thought obsolete. The…
Category: Commentaries and Analyses
Caldicott’s health security reform fails to address basic cyber hygiene
Richard Olver writes: The NHS treats more than 1 million people every 36 hours. These patients are often at their most vulnerable physically and emotionally, but so too are their digital selves. The health sector accounts for the most data security incidents in the UK — more than 40% of all UK incidents in Q4 2015 — and…
Analysis of Health Care Data Breach Litigation Trends
The law firm of Bryan Cave lists nine factors entities should look at when considering the risk that litigation poses following a breach. They note: Specifically, unless a plaintiff has been the victim of identity theft or has suffered some other type of concrete injury, most courts have refused to let them proceed based solely on the…
Reps. Lieu and Hurd urge ransomware events to be reported under HITECH
Representatives Ted W. Lieu (D | Los Angeles County) and Will Hurd (R | San Antonio) sent a letter to Deven McGraw, Deputy Director of the Office of Civil Rights of the Department of Health and Human Services (HHS) encouraging the office to focus on developing guidance for health care providers to respond to ransomware attacks under…
NEW: Monthly stats for health/med breaches
People have often asked me if I compile stats on the reports on my site. I haven’t, but am pleased to announce that I am now collaborating with Protenus to help them provide monthly stats for U.S. breaches involving health/medical data. You can read their first blog post on June incidents here. Here’s a snippet…
Password-sharing case divides Ninth Circuit in Nosal II
Orin Kerr writes: The Ninth Circuit has handed down United States v. Nosal (“Nosal II“), a case on the scope of the Computer Fraud and Abuse Act that I blogged about here and here. The court held 2-1 that former employees of a company who had their company accounts revoked violated the CFAA when they subsequently…