People have often asked me if I compile stats on the reports on my site. I haven’t, but am pleased to announce that I am now collaborating with Protenus to help them provide monthly stats for U.S. breaches involving health/medical data. You can read their first blog post on June incidents here. Here’s a snippet…
Category: Commentaries and Analyses
Password-sharing case divides Ninth Circuit in Nosal II
Orin Kerr writes: The Ninth Circuit has handed down United States v. Nosal (“Nosal II”), a case on the scope of the Computer Fraud and Abuse Act that I blogged about here and here. The court held 2-1 that former employees of a company who had their company accounts revoked violated the CFAA when they subsequently…
In 5-year period, 162 security breaches impacted 7.6 million consumers in SC
Matthew Stevens reports: The South Carolina Department of Consumer Affairs has released its Security Breach Report from January 2011 through December of 2015. Over that span, the agency acknowledged 162 breaches that impacted more than 7.6 million consumers in SC. The report found that the most breaches, 39, were related to the retail and food…
UK: Safe in Police hands? New Big Brother Watch report released
Big Brother Watch has released a new report on data protection in the UK police. Some of their key findings for the period June 1, 2011 – December 31, 2015 were that there have been 2,315 breaches in police forces, including: 869 (38%) instances of inappropriate/unauthorised access to information; 877 (38%) instances of inappropriate disclosure of data…
UK: NHS seeks cure for its costly digital headache
Gill Hitchcock reports: This May two NHS trusts were fined almost £400,000 for failing to protect confidential information. Chelsea and Westminster revealed the email addresses of HIV service users, while Blackpool teaching hospitals published private information about thousands of staff online. But are these incidents simply isolated sloppiness or a growing problem as the NHS digitises its records?…
X-ray and MRI machines among devices used as springboards for data breach attacks
Bradley Barth reports: … Researchers at the cybersecurity firm TrapX Security refer to the act of infiltrating or hijacking medical devices as MEDJACK. In a 2015 report, the company cited examples of such attacks in which the malware infection was limited to the device itself. No more, however: In its 2016 MEDJACK.2 report, TrapX revealed examples of…