Jeremiah Fowler reports on another unsecured elasticsearch database that his firm has found: On March 27th I discovered an unsecured Elasticsearch database that contained what appeared to be members of a medical evacuation membership service. Upon further inspection of the data there were many references that the data allegedly belonged to Florida based SkyMed. It…
Category: Federal
SEC Warns Advisers Over Privacy Compliance Issues
Craig A. Newman of Patterson Belknap writes: The Securities and Exchange Commission is warning investment firms to step up their game when it comes to following the agency’s privacy rules. In a Risk Alert issued by the Office of Compliance Inspections and Examinations (OCIE), a laundry list of compliance “deficiencies or weaknesses” were identified in…
HHS exercises enforcement discretion and reduces maximum civil penalties
Those who want to see HHS/OCR come down like a ton of bricks on more entities and impose heavier civil monetary penalties for HIPAA breaches will likely not be happy to learn that HHS has decided to reduce the maximum civil penalties it will impose for the four tiers of violations of HIPAA. Under the…
The Lack of an Adequate HIPAA Security Risk Assessment is a Common and Costly Mistake by Healthcare Providers: What Providers Can Do Now
Erin Smith Aebel of Shumaker, Loop & Kendrick, LLP writes: Health care providers and others who must comply with the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) have specific requirements under the Security Rule to HIPAA when it comes to their maintenance of electronically held protected health information. One of those requirements is…
MD Anderson Cancer Center Appeals $4.3 Million HIPAA Fine
Marianne Kolbasuk McGee reports: The University of Texas MD Anderson Cancer Center has filed a lawsuit arguing that a $4.3 million HIPAA penalty levied against it last year by the Department of Health and Human Services following three data breaches involving unencrypted devices was unlawful. In the complaint filed Tuesday in a Texas federal court,…
Elizabeth Warren proposes holding execs criminally liable for scams and data breaches
Cory Doctorow reports: A new bill from Senator Elizabeth Warren proposes personal, criminal liability for top executives of companies turning over more than $1B/year when those companies experience data breaches and scams due to negligence (many of the recent high-profile breaches would qualify, including the Equifax giga-breach, as well as many of Wells Fargo’s string…