John Beauge reports: A Lycoming County judge has refused to dismiss a vicarious liability claim against UPMC Susquehanna that is being sued because an employee accessed the medical records of a co-worker without authorization. Judge Eric R. Linhardt on Wednesday rejected UMPC’s claim it was not liable because Taylor Fausnaught failed to state any claim…
Category: Of Note
US property and demographic database of 200 million records leaked on the web
Paul Bischoff reports: An exposed online database consisting of some 200 million records included a wide range of sensitive personal and demographic data about residents and their properties. Homeowners were identified as well as info about their credit ratings, net worth, and income, among other details. At this time we have not been able to…
Ransomware Attackers Use Your Cloud Backups Against You
Lawrence Abrams reports: Backups are one the most, if not the most, important defense against ransomware, but if not configured properly, attackers will use it against you. Recently the DoppelPaymer Ransomware operators published on their leak site the Admin user name and password for a non-paying victim’s Veeam backup software This was not meant to expose the…
MO: Judge orders Jefferson City School District to rehire fired administrator
Matthew Sanders Joe McLean report that a court has sided with a former school district employee who had been fired for transferring student files to her personal computer. A judge ruled this week that the Jefferson City School District illegally fired an administrator who transferred work files to her personal computer. Cole County Circuit Judge…
UK: Cathay Pacific Airways Limited fined £500,000 for failing to secure its customers’ personal data
From the ICO: The Information Commissioner’s Office (ICO) has fined Cathay Pacific Airways Limited £500,000 for failing to protect the security of its customers’ personal data. Between October 2014 and May 2018 Cathay Pacific’s computer systems lacked appropriate security measures which led to customers’ personal details being exposed, 111,578 of whom were from the UK, and…
OCR settles complaint against doctor for failure to have appropriate risk assessment and security controls, despite technical assistance
OCR has settled a complaint against a covered entity for violations that first occurred prior to November, 2013, but continued thereafter. Yes, 2013. That’s when Steven A. Porter, M.D., first reported a breach to OCR that involved his business associate Elevation43. According to the complaint Porter filed at the time, and as described by OCR,…