It’s not enough I come across a payment card breach notification with a lot of detail, so I was surprised to read a notification of an e-commerce breach from Bailey’s to the Oregon Attorney General’s Office that provided so much information. Look at the first few paragraphs of the timber harvest gear firm’s notification. It includes the date…
Category: Commentaries and Analyses
Pentagon mobilizes hackers against Islamic State group
W. J. Hennigan reports: Military commanders have mounted a cyberoffensive against Islamic State in Iraq and Syria in recent weeks by deploying hackers to penetrate the extremist group’s computer and cellphone networks, according to the Pentagon. The cyberassault, which Defense Secretary Ashton Carter authorized last month, marks the first time teams from U.S. Cyber Command…
HIPAA Covered Entities Not Responsible For Intercepted Transmission of PHI When Individual Requested Unsecured Transmission, Office for Civil Rights Concludes
Joseph Lazzarotti of Jackson Lewis highlights an important note in recent OCR guidance: What is a covered entity’s obligation under the Breach Notification Rule if it transmits an individual’s PHI to a third party designated by the individual in an access request, and the entity discovers the information was breached in transit? If a covered…
Federal Times obtained and analyzed 26,381 security incidents reported by HHS components over a 30-month period
Kudos to Federal Times, who obtained a tremendous amount of data from HHS about security incidents involving their component systems. Aaron Boyd reports on their analysis of data, which was obtained through a Freedom of Information request. The analyses look at types of attacks by components of HHS. Here’s some of their analysis and findings: The records…
You’re on File: Inside Story on China’s Database of Americans
Joshua Phillip reports: An insider in China has revealed to the Epoch Times that he helped build a database that is now being used to handle Americans’ personal information stolen in cyberattacks. The FBI revealed on June 4, 2015, that a cyberattack, allegedly from China, stole personal information on close to 21.5 million U.S. federal employees…
uKnowKids updates its breach report and answers a question I posed
There’s an update to uKnowKids’ breach disclosure, here. They assert that their analysis shows only one IP address – presumably researcher Chris Vickery’s – downloaded any data from their misconfigured database. They do not name the provider responsible for security the database. According to their statement, the misconfigured instance of the database occurred on December…