Charlie Cooper reports: Health apps accredited by the NHS may not be adequately protecting personal information from hackers, a university study has claimed. Experts in the UK and France subjected 79 health apps listed by the NHS’s ‘Health Apps Library’ to security checks. They found that around a third were sending identifiable information such as…
Category: Commentaries and Analyses
Audit finds inadequate cybersecurity at HealthCare.gov
Ricardo Alonso-Zaldivar of AP reports that an audit by the Inspector General for Health and Human Services found serious security deficiencies in the system used to store data collected via healthcare.gov. The Obama administration said it acted quickly to fix all the problems identified by the Health and Human Services inspector general’s office. But the…
UK: Emails reveal how Rotherham Council bosses ‘covered up’ laptop theft details and didn’t even get a slap on the wrist from the ICO
Back in February, this site noted a report indicating that Roterham Council had covered up the theft of 21 laptops containing sensitive information about victims of child sexual exploitation. Now more details have emerged about the cover up. Chris Burn of The Star reports on documents obtained under Freedom of Information from the Information Commissioner’s Office….
U.S. SEC fines advisory firm for shoddy controls following cyber attack traced to China
Sarah N. Lynch reports: A St. Louis-based investment advisory firm will pay $75,000 to settle civil charges alleging it failed “entirely” to protect its clients from a July 2013 cyber attack that was later traced to China, U.S. regulators said on Tuesday. The Securities and Exchange Commission said R.T. Jones Capital Equities Management did not…
State Data Breach Notification Requirements Specifically Applicable to Insurers
Patrick H. Haggerty’s article is particularly timely this week in light of the Systema Software data leak. Almost all U.S. states and territories have enacted breach notification laws requiring private and/or government entities to notify individuals when their personal information is compromised. These laws vary, and much has been written about the challenges caused by…
Should Hacked Feds Lose Security Clearance?
Jack Moore reports: If you fall for a phishing email, should you have your ability to handle sensitive government information revoked? At least one federal chief information security officer is concerned about how frequently even senior-level federal employees fall for the bogus emails and is considering get-tough solutions. Read more on Defense One. via Ars Technica