Analysis of Hopkins v. Kay, this by Bradley J. Freedman, Barry Glaspell and Patrick Hawkins of Borden Ladner Gervais LLP: … In Hopkins v. Kay, a patient of a hospital, on her own behalf and that of other patients in the “class” proposed to be certified by the court, alleged that her hospital records had been accessed by…
Category: Commentaries and Analyses
NCUA releases OIG report on Oct. Palm Springs FCU data breach
There’s a follow-up to a Palm Springs Federal Credit Union breach reported last year. The Credit Union National Association (CUNA) writes: The National Credit Union Administration’s Office of the Inspector General (OIG) has released a review regarding a data breach that occurred late last year. The agency confirmed that an external flash drive containing personal information for approximately…
IRS’s Top Ten Identity Theft Prosecutions
Continuing its enforcement push against refund fraud and identity theft, the Internal Revenue Service announced the Top Ten Identity Theft Prosecutions for Fiscal Year 2014 (FY14). The ongoing efforts to bring identity thieves to justice remains a significant priority as part of the IRS’s comprehensive identity theft strategy focusing on preventing, detecting and resolving identity…
US watchdog: Anthem snubbed our security audits before and after enormous hack attack
Shaun Nichols reports: A year or so before American health insurer Anthem admitted it had been ruthlessly ransacked by hackers, a US federal watchdog had offered to audit the giant’s computer security – but was rebuffed. And, after miscreants looted Anthem’s servers and accessed up to 88.8 million private records, the watchdog again offered to audit the insurer’s…
The Daily Mail did what U.S. media didn’t do: FOI the U.S. Education Department for Insider Breaches
From the good-for-them dept.: The Daily Mail in the U.K. filed a Freedom of Information request with the U.S. Education Department and obtained over 100 pages of responsive documents to their request for records relating to employee misuse of department computers. They have made the entire file available on their site. Note that this is…
Complicated relationships and breach notification requirements
A notification to the New Hampshire Attorney General’s Office from McDermott Will & Emery LLP provides a useful illustration of how some organizations may be struggling to determine their notification obligations to states as a result of the Anthem breach: If a law firm has trouble figuring out their obligations, can you imagine what others are struggling with? Coincidentally, perhaps, an attorney at…