HIPAA lawyer Matt Fisher has a thoughtful commentary inspired by an OCR investigation first reported on this site. Unlike the FTC who have tended to demand 20-year monitoring plans as part of their settlements with entities that have data security breaches, OCR tends to use a more educative approach without monetary penalties or long-term monitoring in…
Category: Of Note
Alibaba passes blame for Alipay thefts to Apple
Asia Times reports: Chinese tech giant Alibaba warned users on Wednesday that they could be at risk from making cashless transactions or paying bills with its Alipay application on Apple gadgets, stressing that the security loophole was not the fault of its app but of the US firm. An Apple security breach was blamed by…
Google Exposed User Data, Feared Repercussions of Disclosing to Public
Douglas MacMillan and Robert McMillan report: Google exposed the private data of hundreds of thousands of users of the Google+ social network and then opted not to disclose the issue this past spring, in part because of fears that doing so would draw regulatory scrutiny and cause reputational damage, according to people briefed on the…
MedCall Advisors suffers second data leak in less than one month
A few weeks ago, DataBreaches.net reported on a leaky Amazon S3 bucket owned by MedCall Advisors in North Carolina. The leak, which exposed approximately 3,000 patients’ protected health information, was discovered by UpGuard, who published a number of redacted screenshots to document the leak. Their detailed report also noted how Randy Baker, the CEO of MedCall…
An OCR investigation illustrates the value of investigating small and medium-sized entities
One of the common themes in discussing security is that many organizations are not “mature” yet. And of course, as HIPAA recognizes in its security rule, smaller practices should not be expected to do everything you might expect a larger hospital system to do. But even small or medium-sized entities need to comply with the core…
St. Petersburg timeline on Click2Gov raises questions as to whether the vendor was proactive or not
I have commented on the Click2Gov breach a few times — mostly wondering aloud why so many customers do not seem to have been made aware that they needed to update immediately, etc. Both RBS and FireEye have both discussed the Click2Gov incident in more depth. But now look at this disclosure from St….