Harper Neidig reports that the Pennsylvania Attorney General is suing Uber over its 2016 data breach. The following is the state’s press release: HARRISBURG – Pennsylvania Attorney General Josh Shapiro today filed a lawsuit against Uber Technologies, Inc. for violating Pennsylvania’s data breach notification law. Uber knew for more than a year that a data breach potentially impacting…
Category: Of Note
Survey: 18% of Health Employees Would Sell Confidential Data
Those who said they were willing to sell the data would do so for as little as between $500 and $1,000. Alexandra Wilson Pecci reports: Patients trust their healthcare providers to keep their data safe, but according to a new survey, that trust might sometimes be misplaced. The Accenture survey found that nearly one in…
Regulatory Gap: Cybersecurity at K-12 Schools
Nicole Della Ragione and Leora F. Ardizzone report: While data breaches at Equifax, Yahoo, Anthem and Target have made the national news, data breaches at school districts are not as widely publicized. Schools are a treasure trove of children’s personally identifiable information (PII) (e.g., name, address, Social Security number) and protected health information (PHI), as…
Amazon Releases New Guidance on AWS and FERPA
Dian Schaffhauser reports: More than two years after issuing guidance on FERPA compliance and Amazon Web Services, Amazon has updated the whitepaper to lay out the company’s “shared responsibility model” and provide specific guidance on 24 different AWS services. The Family Educational Rights and Privacy Act, in general, calls for schools and agencies to “reasonably…
Germany admits hackers infiltrated federal ministries, Russian group suspected
DW reports: The German government confirmed on Wednesday that it had suffered a large cyberattack that infiltrated federal computer networks. Citing anonymous sources, German news agency dpa had earlier reported that the Russian hacking group APT28 had placed malware in a government network and infiltrated the Foreign and Defense Ministries. The sources said the malware could have…
Mercy Health Love County Hospital and Clinic notifies patients about unaccounted-for computers
Mercy Health Love County Hospital and Clinic in Oklahoma appears to be having a rough year with breaches and notifications. As previously reported on this site, last summer they had an incident involving medical records being stolen for identity theft. They disclosed that incident in July, and in September, 2017, they reported it to HHS….