The breach in question may have begun in January, 2012, years before OH Muhlenberg acquired Muhlenberg Community Hospital, but it potentially impacted all patients, all payment guarantors, employees and some credentialed providers after that date and before OH Muhlenberg learned of the breach and contained it. This incident does not yet appear on HHS’s public…
Category: Of Note
OPM’s $20M contract for ID theft protection violated federal rules
Can OPM do anything right? In this week’s installment of their totally infuriating breach and breach response saga, it appears that they didn’t follow proper procedures in awarding a contract for ID theft monitoring services for breach victims. Jack Moore reports: The inspector general of the Office of Personnel Management says a $20 million sole-source…
Massive Hack of 70 Million Prisoner Phone Calls Indicates Violations of Attorney-Client Privilege
Jordan Smith and Micah Lee report: An enormous cache of phone records obtained by The Intercept reveals a major breach of security at Securus Technologies, a leading provider of phone services inside the nation’s prisons and jails. The materials — leaked via SecureDrop by an anonymous hacker who believes that Securus is violating the constitutional rights of inmates — comprise over…
You Only Need One Password to Access the Allegedly Hacked Law Enforcement Databases
Meant to post this one yesterday, but got sidetracked. It’s a great reminder of how if you try to make things more user-friendly, you may also significantly compromise security – and in this case a LOT of government files that should be secured better. Aliya Sternstein reports: The U.S. government recently lassoed together a bunch of intelligence…
Standing in Data Breach Cases: A Review of Recent Trends
Robert D. Fram, Simon J. Frankel and Amanda C. Lynch of Covington & Burling write: For most substantial companies, it is said, experiencing a data breach is not a matter of “if,” but “when.” Particularly when a company is consumer-facing, any publicized data breach is likely to be followed by consumer class action lawsuits. For…
A Closer Look at CISA’s Cybersecurity Information-Sharing Provisions
David Fagan, Ashden Fein and David Bender write: As we reported on October 27, the U.S. Senate passed the Cybersecurity Information Sharing Act (“CISA,” S. 754). If enacted into law, CISA would, among other things, establish a voluntary framework for the sharing of cybersecurity threat information between and among the federal government and private entities. CISA must…