Commentaries and Analyses – Page 619

FTC To Study Credit Card Industry Data Security Auditing

Posted on March 7, 2016 by Dissent

Note: The PCI DSS Council currently lists 346 qualified security assessors. It would be nice to know how the FTC picked the nine it’s questioning, and I’ve sent the FTC an inquiry about that. * * * The Federal Trade Commission has issued orders to nine companies requiring them to provide the agency with information on how…

Was the company involved in FTC charges against LabMD raided by the FBI?

Posted on March 3, 2016 by Dissent

A business whose evidence the FTC relied upon in opening an investigation of LabMD has allegedly been raided by the FBI. It’s just the latest development in a case that has now involved the FTC, DOJ, the security of Marine One, the House Oversight Committee, and a slew of businesses who were told that their…

Bailey’s notifies 15,000 online customers of payment card breach

Posted on March 2, 2016 by Dissent

It’s not enough I come across a payment card breach notification with a lot of detail, so I was surprised to read a notification of an e-commerce breach from Bailey’s to the Oregon Attorney General’s Office that provided so much information. Look at the first few paragraphs of the timber harvest gear firm’s notification. It includes the date…

Pentagon mobilizes hackers against Islamic State group

Posted on February 29, 2016 by Dissent

W. J. Hennigan reports: Military commanders have mounted a cyberoffensive against Islamic State in Iraq and Syria in recent weeks by deploying hackers to penetrate the extremist group’s computer and cellphone networks, according to the Pentagon. The cyberassault, which Defense Secretary Ashton Carter authorized last month, marks the first time teams from U.S. Cyber Command…

HIPAA Covered Entities Not Responsible For Intercepted Transmission of PHI When Individual Requested Unsecured Transmission, Office for Civil Rights Concludes

Posted on February 29, 2016 by Dissent

Joseph Lazzarotti of Jackson Lewis highlights an important note in recent OCR guidance: What is a covered entity’s obligation under the Breach Notification Rule if it transmits an individual’s PHI to a third party designated by the individual in an access request, and the entity discovers the information was breached in transit? If a covered…

Federal Times obtained and analyzed 26,381 security incidents reported by HHS components over a 30-month period

Posted on February 28, 2016 by Dissent

Kudos to Federal Times, who obtained a tremendous amount of data from HHS about security incidents involving their component systems. Aaron Boyd reports on their analysis of data, which was obtained through a Freedom of Information request. The analyses look at types of attacks by components of HHS. Here’s some of their analysis and findings: The records…