Dan Munro had an interesting conversation with Jeff Williams of Contrast Security at BlackHat, which led to a draft scoring system for data breaches and corporate responses: Tone – Is the announcement apologetic and not blaming? Does it acknowledge that there should have been better defenses and that the breach should have been detected and been…
Category: Of Note
UK: Sage suffers data breach that may impact employees of as many as 300 companies
Lauren Fedor reports: Personal details and bank account information for employees of as many as 300 UK companies may have been compromised as part of a data breach at Sage, the UK software group. […] On Friday, the Newcastle-based group notified around 200 of its current UK business customers that their information — including employee bank…
Valley Anesthesiology and Pain Consultants Notifying 882,590 Patients PLUS all Employees and Providers of Security Incident
If you can’t prove there was no access, the presumption is that it’s a reportable breach. Today, Valley Anesthesiology and Pain Consultants (VAPC) announced that it is addressing a security incident involving certain patient, provider and employee information. VAPC is providing notice to approximately 882,590 patients, and all current and former employees and providers, who…
Bon Secours notifies 655,000 patients that vendor error exposed patient info on Internet
Bon Secours Health System, Inc. (“Bon Secours”) and its affiliates are committed to maintaining the privacy and security of our patient information. This notice is to inform our patients of an incident involving one of our vendor’s handling of some patients’ information. On June 14, 2016, Bon Secours discovered that files containing patient information inadvertently…
Walgreens avoids penalty after 9-year privacy breach investigation
I have been following this case from the beginning and wondering why the heck HHS didn’t come down on Walgreens like they did on their competitors CVS and RiteAid. And now we learn that OCR just closed the case with no penalty? Seriously? So CVS and RiteAid get clobbered by both the FTC and HHS/OCR, and Walgreens…….
Analysis of World Check data leak by Risk Based Security: Hackers & Collectives
From RBS: In early July, it was revealed that a Thomson Reuters service known as World-Check had licensed information to a client that subsequently failed to secure the database. The leak, discovered by Chris Vickery, affected over 2.2 million persons identified as “heightened-risk individuals” that had been included in the World-Check database between 3/17/2000 and 9/17/2014. Shortly after the discovery, Risk…