From HHS OCR: The University of Rochester Medical Center (URMC) has agreed to pay $3 million to the Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services (HHS), and take substantial corrective action to settle potential violations of the Health Insurance Portability and Accountability Act (HIPAA) Privacy and Security Rules….
Category: Of Note
Now available: Catalan Information Security Center produces reports in English for the 2019 Barcelona Congress
CESICAT (Information Security Center of Catalonia) contacted me this week to share some news and to ask me to share it with my readers and followers on Twitter. I am delighted to. CESICAT is a public organization committed to protecting cybersecurity of the public sector in Catalonia. Next year they will become the Cybersecurity Agency…
Europol Publishes Law Enforcement and Industry Report on Spear Phishing
The Hague — Today, 4 November 2019, Europol’s European Cybercrime Centre (EC3) published a strategic report on spear phishing, reflecting the views of both law enforcement and private industry on one of the most prevalent cyber threats currently affecting organisations across the EU. Spear phishing describes the practice of targeting specific individuals within an organisation…
One year after mandatory breach reporting was enacted in Canada, there are 6 times as many breach reports
One year ago, Canadian businesses became subject to increased data breach notification requirements under PIPEDA (the Personal Information Protection and Electronic Documents Act). Rather than deciding whether to voluntarily disclose or report breaches, they were now required to report all breaches that pose a significant risk of harm to individuals to the Office of the…
Desjardins data breach much larger than first estimated, affecting ALL 4.2 million members
Frédéric Tomesco reports: All of Mouvement Desjardins’ individual members, 4.2 million people, have had their personal information compromised as a result of the actions of a single employee, who has since been fired, chief executive officer Guy Cormier said Friday. That’s about 56 per cent more than the total that Desjardins first disclosed June 20. With Sûreté du…
It’s “completely ridiculous” that pentesters are still facing criminal charges in Iowa for doing what they were hired to do.
If Iowa doesn’t get its act together, businesses and government will have trouble getting security firms to analyze and test their security. Even after law enforcement was told that Justin Wynn and Gary DeMercurio were Coalfire employees just doing what Coalfire had been hired to do by the judicial branch, the men are still facing…