Jennifer Baker reports: The UK’s data protection watchdog has said issuing fines “left, right and centre” is not the way to ensure privacy. However, Information Commissioner Christopher Graham added that this doesn’t mean his office shouldn’t have those exact powers at its disposal. “The obligation laid on data protection authorities always to fine data controllers…
Category: Commentaries and Analyses
Epic played no part in Coast Guard health-data privacy shortcomings
Mark Sullivan reports: A new report from the Department of Homeland Security’s Office of Inspector General (OIG) says that the U.S. Coast Guard holds plenty of personally identifiable health information in its servers but lacks a strong approach to dealing with privacy issues. The report grew from a DHS audit that focused on practices and procedures for…
If the FTC comes to call
Mark Eichorn of the FTC writes: It’s a question we’re asked a lot. “What happens if I’m the target of an FTC investigation involving data security?” We understand – no one wants to get that call. But we hope we can shed some light on what a company can expect. First things first. All of…
Dentrix vulnerability still poses risk to patient data: researcher
In early 2014, and over on PHIprivacy.net, I published some posts expressing concern about a vulnerability in Dentrix software, Dentrix’s claims at the time that its G5 product incorporated “encryption,” and their subsequent decision that the firm would not individually notify all customers that what the customers had been sold as “encryption” was not encryption. Following up on the public posts,…
‘Millions’ of routers open to absurdly outdated NetUSB hijack
Darren Pauli reports: SEC Consult Vulnerability Lab Stefan Viehbock says potentially millions of routers and internet of things devices using KCodes NetUSB could be exposed to remote hijacking or denial of service attacks. The packet fondler says the vulnerability (CVE-2015-3036) hits the Linux kernel module in scores of popular routers which serves to provide network…
Airplane hacking panic! Why it’s a surely a storm in a teacup
There has been much media coverage of Chris Robert’s alleged claims about controlling an airplane in-flight. I haven’t bothered to link to them as they generally just re-hash what is already known and not known. But Iain Thomson got a more detailed response from those who are skeptical about Roberts’ claims: At last year’s…