There’s an update to uKnowKids’ breach disclosure, here. They assert that their analysis shows only one IP address – presumably researcher Chris Vickery’s – downloaded any data from their misconfigured database. They do not name the provider responsible for security the database. According to their statement, the misconfigured instance of the database occurred on December…
Category: Commentaries and Analyses
FTC Says Listen Up When Vulnerability Reports Come In
James Denvil and Paul Otto of Hogan Lovells write: The FTC wants companies to listen. More precisely, the FTC wants companies to pay attention to and promptly to respond to reports of security vulnerabilities. That’s a key takeaway from the Commission’s recent settlement with ASUSTek (“ASUS”). In its complaint against the Taiwanese router manufacturer, the FTC alleged that ASUS…
MY: Personal health data theft scary
From a letter to the editor of by S.M. Mohamed Idris of The Consumers’ Association of Penang (CAP) in Malaysia: [CAP] is distressed by the recent news that a group of hackers had hacked into the systems of both government and private hospitals and stolen the personal health data of tens of thousands of individuals – data…
Still lazy after all these years? 2,000 personal photos, emails, and other info found on used smartphones
David Bisson writes: In a recent experiment, researchers found 2,000 personal photos, email messages, and other information stored on used phones they purchased from pawn shops. Avast’s Deborah Salmi explains in a blog post how the security company’s researchers purchased some 20 used phones from pawn shops located in New York, Paris, Barcelona, and Berlin. Each shop…
Thieves Are Using Ransomware Programs to ‘Kidnap’ People’s Data Until They Pay
John Dyer has a report on ransomware with some interesting statistics: An October study by Cisco Systems’ Talos security unit estimated that unnamed hackers using Angler Exploit — just one of a handful of commonly used ransomware bugs — netted $60 million annually. In December, a Kaspersky Lab report found that ransomware infections doubled last year compared to 2014….
Addressing Gaps in Cybersecurity: OCR Releases Crosswalk Between HIPAA Security Rule and NIST Cybersecurity Framework
The sensitive health information maintained by health care providers and health plans has become an increasingly attractive target for cyberattacks. The need for health care organizations to up their game on health data security has never been greater. To help health care organizations covered by the Health Insurance Portability and Accountability Act (HIPAA) to bolster…