Commentaries and Analyses – Page 835

OCR/HHS reveals two more breaches

Posted on March 1, 2010 by Dissent

The public list of breaches reported to HHS under the HITECH Act was updated to add two entries. Both entries are associated with the same business associate: MSO of Puerto Rico. I do not see anything on the web sites of the covered entities or the business associate about the incident nor did I see…

Lost or stolen?

Posted on February 28, 2010 by Dissent

In the big scheme of things, it may be small breach report. But the difference between what Ameriprise Financial told the state attorney general and what they told the client caught my eye. In a notification letter to the New Hampshire Attorney General’s Office, Ameriprise Financial Services informed the state that they had had a…

“It is an understatement to say that BlueCross regrets this data breach.”

Posted on February 27, 2010 by Dissent

The breach disclosure notification provided by BCBS of Tennessee to the Maryland Attorney’s General Office has just been made available online. The detailed letter about the theft of 57 hard drives from a Chattanooga facility, dated December 16, 2009, provides additional insight into the mammoth chore BCBS faced trying to determine what data were…

Recommended: The Curious Case of EMI v. Comerica

Posted on February 26, 2010 by Dissent

David Navetta writes: Security breaches in the online banking world continue to yield interesting lawsuits (you can read about three others in this post). The latest online banking lawsuit filed by Experi-Metal Inc. (“EMI”) against Comerica (the “EMI Lawsuit”) provides some new wrinkles that could further illuminate the boundaries of “reasonable security” under the law….

Nl: Student info often leaked

Posted on February 26, 2010 by Dissent

Karin Spaink provides an English summary of a news story on education sector breaches in the Netherlands: The teachers union (Algemene Onderwijsbond) researched how often student information is accessible via Google. They found quite a lot: list of home addresses, student reports, progress reports, assessment reports. The union notified all the universities, faculties and training…

The Cost Of A Breach, Heartland Style: At Least $129 Million; Might Be $229 Million

Posted on February 24, 2010 by Dissent

Evan Schuman comments: In its latest financial report, Heartland Payment Systems reported that it dropped $129 million on data breach costs last year (an incident that briefly placed Heartland on Visa’s Bad Breach Boy list). The company added that it still has a reserve of $100 million for additional expenses. As a processor, Heartland’s pain…