Kim Hjelmgaard and Elizabeth Weise report: Information from at least 500 million Yahoo accounts was stolen from the company in 2014 and the company believes that a state-sponsored actor was behind the hack. The information may have included names, email addresses, telephone numbers, dates of birth, and, in some cases, encrypted or unencrypted security questions…
Category: Of Note
Dozens of clinics, thousands of patients impacted by third-party data leak
EMR4all, Inc. was a California business providing free EMR software to physical therapy, speech therapy, and occupational therapy practices that used their associated patient billing service, Rehab Billing Solutions (RBS). Over the summer, they began shutting down operations and notifying their clients of their closure. Their effort to make a graceful exit wound up marred by a data…
This Tool Lets You Check If Your Personal Info Is on the Dark Web
Joseph Cox reports: It’s pretty hard to know when your data might have been compromised. Over the last few years, an industry of threat intelligence firms has popped up that offer to monitor criminal forums, paste sites, and Tor hidden services for stolen intellectual property or customer information. Now, one of these companies is letting…
Court orders WakeMed to mitigate breach, pay fine
There’s a follow-up to a lawsuit noted previously on this site, and I think it will be of interest to those interested in healthcare sector breaches. John Murawski reports: WakeMed Health and Hospitals will soon notify thousands of patients that their personal and medical information was disclosed in court filings over six years. A federal bankruptcy…
Report: Third-Party Breaches in the Healthcare Sector Are Nothing to Sneeze At
DataBreaches.net has reported on a number of breaches in the healthcare sector this year that involved third parties, so I thought that I’d try to compile them to see how 2016 was shaping up. The resulting chronology, available in a new report co-authored with Protenus, Inc., includes more than 60 incidents involving business associates or vendors. Highlights of the…
New York State Proposes Cybersecurity Regulation for Financial Services Institutions
Micaela McMurrough, Ashden Fein and Catlin Meade write: On September 13, 2016, New York Governor Andrew Cuomo announced a proposed regulation that would require financial service institutions to develop and implement cybersecurity programs to prevent and mitigate cyber-attacks. The proposed regulation will be subject to a 45-day comment period once it is published in the New York State…