Gill Hitchcock reports: This May two NHS trusts were fined almost £400,000 for failing to protect confidential information. Chelsea and Westminster revealed the email addresses of HIV service users, while Blackpool teaching hospitals published private information about thousands of staff online. But are these incidents simply isolated sloppiness or a growing problem as the NHS digitises its records?…
Category: Commentaries and Analyses
X-ray and MRI machines among devices used as springboards for data breach attacks
Bradley Barth reports: … Researchers at the cybersecurity firm TrapX Security refer to the act of infiltrating or hijacking medical devices as MEDJACK. In a 2015 report, the company cited examples of such attacks in which the malware infection was limited to the device itself. No more, however: In its 2016 MEDJACK.2 report, TrapX revealed examples of…
Massachusetts General Hospital Dental Group notifies patients of Patterson FTP server incident
Back in February, this site reported that a Patterson Dental anonymous FTP server was leaking patient data, according to a security researcher who had discovered the problem and reported it to them and then this site. One of the entities, the Massachusetts General Hospital Dental Group, had patient data caught up in that leak, and…
FTC closes 70 percent of data security investigations
Jeremy Snow reports: The Federal Trade Commission closes 70 percent of all formal security investigations it opens on average, FTC Commissioner Maureen Ohlhausen said Tuesday. Ohlhausen gave her insight on FTC’s previous private sector security breaches that caused stolen identities and data during a Heritage Foundation discussion on federal online data security regulation, and how the commission decides when…
C’mon folks, stop screwing up the easy stuff
It’s been what – at least a decade? – since we started seeing reports of personal and corporate information left on drives that were being resold on eBay? And yet even now, 2/3 of drives contain personal or corporate data, according to a new study.
Trying to get Maricopa County to respond to a privacy concern? Good luck with that!
As I’ve lamented (ok, bitched) many times: trying to notify an entity of a privacy or data security concern can be time-consuming and frustrating if the entity does not provide a clear means to notify them or doesn’t respond to your e-mails or calls. If you are thinking of trying to notify Maricopa County, Arizona…