The Office for Civil Rights (OCR) at the U.S Department of Health and Human Services concluded an all-time record year in Health Insurance Portability and Accountability Act (HIPAA) enforcement activity. In 2018, OCR settled 10 cases and was granted summary judgment in a case before an Administrative Law Judge, together totaling $28.7 million from enforcement…
Category: Of Note
Community Health System Agrees to Settlement of $4.5 Million for 2014 Data Breach
As I reported recently, the 2014 Community Health System breach has settled for $4.5 million. Linn F. Freedman of Robinson & Cole has a concise summary on The National Law Review. The data breach, believed to be caused by Chinese hackers, compromised the names, dates of birth, addresses, telephone numbers, and Social Security numbers of…
Insurance Data Security Model Law Picks Up Steam
Andreas Kaltsounis and Shea M. Leitch of BakerHostetler write: Three states recently enacted variations of the National Association of Insurance Commissioner’s (NAIC) Insurance Data Security Model Law (MDL-668), based on the landmark cybersecurity requirements issued by the New York Department of Financial Services (NYDFS) in March 2017. The NYDFS requirements apply to certain banking, insurance…
Accused hacker Lauri Love to sue National Crime Agency to retrieve confiscated computing kit
Paul Kunert reports: Lauri Love, the Brit who beat US attempts to extradite him over accusations of hacking, is suing Blighty’s National Crime Agency (NCA) to get back computing gear seized in 2013 as part of the case against him. More than five years ago, Love was indicted across the pond over allegations he hacked…
Accusations fly between a researcher and a vendor over a vulnerability and a bug bounty that was never paid
Wow. Following a serious vulnerability disclosure affecting casinos globally, an executive of casino technology vendor Atrient has assaulted the security researcher who disclosed the vulnerability at the ICE conference in London. This is the story of a vulnerability disclosure gone bad, one involving the FBI, a vendor with a global customer base of casinos and…
Hackers targeted universities with phishing attacks
The FBI has published more about a case that was previously reported on this site (the DOJ’s press release at the time can be found here). Today, the FBI wrote: Two men who were citizens of Nigeria, living in Malaysia, and conducting their crimes from behind computers likely assumed they were safe from the reach…