Shaun Nichols reports: A year or so before American health insurer Anthem admitted it had been ruthlessly ransacked by hackers, a US federal watchdog had offered to audit the giant’s computer security – but was rebuffed. And, after miscreants looted Anthem’s servers and accessed up to 88.8 million private records, the watchdog again offered to audit the insurer’s…
Category: Commentaries and Analyses
The Daily Mail did what U.S. media didn’t do: FOI the U.S. Education Department for Insider Breaches
From the good-for-them dept.: The Daily Mail in the U.K. filed a Freedom of Information request with the U.S. Education Department and obtained over 100 pages of responsive documents to their request for records relating to employee misuse of department computers. They have made the entire file available on their site. Note that this is…
Complicated relationships and breach notification requirements
A notification to the New Hampshire Attorney General’s Office from McDermott Will & Emery LLP provides a useful illustration of how some organizations may be struggling to determine their notification obligations to states as a result of the Anthem breach: If a law firm has trouble figuring out their obligations, can you imagine what others are struggling with? Coincidentally, perhaps, an attorney at…
Who ‘owns’ an investigation into a security breach?
Taylor Armerding writes: The last things an organization needs when launching an investigation into any kind of security breach are confusion and disorganization. If it is not clear who is really in charge, or what responsibilities fall to what departments, that is adding trouble to trouble. But that, according to the Security Executive Council (SEC),…
“We take the privacy and security of your information very seriously,” Saturday edition
I’ve been known to get a tad snarky about breach notification letters that begin with how the breached entity takes the privacy and security of our information seriously. Sadly, that line seems to have become a pro forma part of breach notices. Yesterday, though, I read a breach notification from Piedmont Advantage Credit Union about a missing laptop with customer…
NYS Audit: Office of Information Technology Services: Security and Effectiveness of Department of Motor Vehicles’ Licensing and Registration Systems
NYS’s audit of its Office of Information Technology Services Division of Criminal Justice Services’ Core Systems wasn’t the only embarrassing OITS audit released this week. The state also released its audit of the security and effectiveness of OITS’s Department of Motor Vehicles’ Licensing and Registration Systems: Auditors found OITS and DMV are not in compliance with the…