HHS announced another settlement today. This one stemmed from a 2011 incident that was previously covered on this site. Once again, the take-home message is that you need to do a risk assessment, and you need a risk management plan commensurate with your risk assessment. In this case, there was no prior risk assessment, and…
Category: Of Note
Shadow Brokers Publish the Password for the Rest the Stolen NSA Hacking Tools (and Lecture President Trump)
Catalin Cimpanu reports: The Shadow Brokers (TSB) are back, and they’ve released the password for the rest of the hacking tools they claim to have stolen from the NSA last year.TSB is a mysterious group that appeared in the summer of 2016 when they dumped on GitHub and other sites a trove of files they…
Leak of diabetic patients’ data highlights risks of giving info to telemarketers
Personal and health information of 918,000 vulnerable seniors was exposed on the Internet for months by a software developer working on a project. No one would have even known about it if the leak hadn’t been found by a guy with “too much time on his hands.” Before you give your personal or health insurance…
Breach of Financial-Aid Tool May Have Compromised Data on 100,000 Taxpayers
Adam Harris reports: Nearly 100,000 taxpayers may have had their personal information compromised by a security breach of an Internal Revenue Service tool that makes it easier to fill out the Free Application for Federal Student Aid, the Fafsa, according to the IRS commissioner, John Koskinen, who testified on Thursdaybefore the Senate Finance Committee. The tool,…
Highly confidential psychotherapy records from Maine center listed on the dark web
Update of April 24: On April 21, BHC reported this incident to HHS as impacting 4,229 patients. Original Post: In what may be the worst breach of 2017 so far in terms of highly sensitive and confidential patient records, a behavioral and mental health center in Maine recently learned that its patients’ records – including…
Developing: Justin Shafer arrested, charging with cyberstalking FBI agent’s family
In what has become an increasingly bizarre case, researcher Justin Shafer was arrested Friday evening, detained in Dallas County Jail over the weekend on a “hold” request from the FBI, and then transferred to federal court today, where he was charged with cyberstalking. For the benefit of those who haven’t followed this story from the beginning: Shafer…