Delia Ephron writes: There is probably nothing about me that is not in the hands of hackers. First, JPMorgan Chase, where I have a bank account, got hacked, then Sony, where I have worked as a screenwriter, then Morgan Stanley, where I have a brokerage account, then Anthem Blue Cross, which has my medical information. Read…
Category: Commentaries and Analyses
California Health Care Facility Breach Statute Updated: Changes Effective Now
Paula Stannard reminds us: As a result of recent breaches – including breaches of health information and information held by health insurers – a great deal of attention has recently been focused on state data breach notification requirements. Most States have general data breach notification requirements that apply to all data breaches, including those involving…
Despite Wave Of Data Breaches, Official Says Patient Privacy Isn’t Dead
Charles Ornstein of Pro Publica talked with Jocelyn Samuels, director of OCR. You can read his interview on ProPublica.org. Pretty much everything they touched on has been discussed numerous times on PHIprivacy.net, so you may not find anything new in the interview if you were a regular reader of PHIprivacy.net, but I suppose it’s still reassuring…
OCR’s Enforcement of HIPAA’s Privacy and Security Rules Continues with Robust 2014
From the I-must-have-a-different-definition-of-‘robust’ dept.: Douglas Dahl writes: With the news of the recent cyber-attack and resulting data breach at health insurance giant Anthem Inc., the buzz around data security and privacy is again high. The Anthem breach serves as a reminder to those entities subject to the Health Insurance Portability and Accountability Act (HIPAA) that…
GAO: IRS Needs to Continue Improving Controls over Financial and Taxpayer Data
What GAO found in its new report on Information Security and the IRS: The Internal Revenue Service (IRS) made progress in implementing information security controls; however, weaknesses limit their effectiveness in protecting the confidentiality, integrity and availability of financial and sensitive taxpayer data. During fiscal year 2014, IRS continued to devote attention to securing its…
Wyndham: A Case Study in Cybersecurity: How the cost of a relatively small breach can rival that of a major hack attack
Timothy Cornell of Clifford Chance US LLP has an interesting write-up on the Wyndham case that really details the time and labor costs of responding to a government investigation following a data breach. Here’s an example: On April 8, 2010, the FTC began to investigate Wyndham Worldwide and three of its subsidiaries (collectively “Wyndham”), sending Wyndham…