This is what I’ve been saying for ages – the government can and should do more to educate and share information with small businesses. From a new GAO report: The Department of Defense (DOD) Office of Small Business Programs (OSBP) has explored some options, such as online training videos, to integrate cybersecurity into its existing efforts; however,…
Category: Commentaries and Analyses
Health apps approved by NHS ‘may put users at risk of identity theft’
Charlie Cooper reports: Health apps accredited by the NHS may not be adequately protecting personal information from hackers, a university study has claimed. Experts in the UK and France subjected 79 health apps listed by the NHS’s ‘Health Apps Library’ to security checks. They found that around a third were sending identifiable information such as…
Audit finds inadequate cybersecurity at HealthCare.gov
Ricardo Alonso-Zaldivar of AP reports that an audit by the Inspector General for Health and Human Services found serious security deficiencies in the system used to store data collected via healthcare.gov. The Obama administration said it acted quickly to fix all the problems identified by the Health and Human Services inspector general’s office. But the…
UK: Emails reveal how Rotherham Council bosses ‘covered up’ laptop theft details and didn’t even get a slap on the wrist from the ICO
Back in February, this site noted a report indicating that Roterham Council had covered up the theft of 21 laptops containing sensitive information about victims of child sexual exploitation. Now more details have emerged about the cover up. Chris Burn of The Star reports on documents obtained under Freedom of Information from the Information Commissioner’s Office….
U.S. SEC fines advisory firm for shoddy controls following cyber attack traced to China
Sarah N. Lynch reports: A St. Louis-based investment advisory firm will pay $75,000 to settle civil charges alleging it failed “entirely” to protect its clients from a July 2013 cyber attack that was later traced to China, U.S. regulators said on Tuesday. The Securities and Exchange Commission said R.T. Jones Capital Equities Management did not…
State Data Breach Notification Requirements Specifically Applicable to Insurers
Patrick H. Haggerty’s article is particularly timely this week in light of the Systema Software data leak. Almost all U.S. states and territories have enacted breach notification laws requiring private and/or government entities to notify individuals when their personal information is compromised. These laws vary, and much has been written about the challenges caused by…