Over the past decade of reporting on healthcare sector breaches, I can probably count on one hand the number of entities who have impressed me that they really “get” that responding to a privacy breach is not primarily about data or statutory notifications. It’s about addressing any distrust or anxiety patients may feel about you protecting their confidentiality, because…
Category: Of Note
Security researcher investigating Bangladesh central bank cyber-heist kidnapped? (UPDATED)
Researching and reporting on data breaches has always had some element of risk attached. You can get accused of hacking, or you can get threatened with litigation. In Brian Krebs’s case, you can find yourself swatted. Or in my case, you can get threatened with infection of HIV. But with the exception of swatting, the rest pales…
Improper disclosure of research participants’ protected health information results in $3.9 million HIPAA settlement
There’s a follow-up to a breach I first noted on this blog in 2012 when Feinstein Institute for Medical Research issued a press release about a laptop stolen from a programmer’s car. Now HHS has issued a press release of its own: Improper disclosure of research participants’ protected health information results in $3.9 million HIPAA…
More details emerge on DOJ probe of Tiversa, company involved in FTC v. LabMD
When I’m right, I’m right. The DOJ did raid Tiversa. DataBreaches.net was subsequently able to get additional details from a source. But first start with this report from Reuters’ Joel Schechtman: Federal agents are investigating whether cyber-security firm Tiversa gave the government falsified information about data breaches at companies that declined to purchase its data protection…
North Memorial Hospital settles HHS charges for $1.55M
First: refresh your memory of a 2011 breach involving Accretive Health, a business associate of North Memorial Hospital. Then read HHS’s press release on how that breach just cost North Memorial Hospital $1.55 million, and why: $1.55 million settlement underscores the importance of executing HIPAA business associate agreements North Memorial Health Care of Minnesota has agreed to pay…
Yet more phishing-based compromises involving W-2 tax statement data (Update-24)
(Note: the following is not a complete list… it’s just a list I started after the first few posts on this topic suggested that there would be a lot more. See the “phishing” category of this site for earlier entries this year.) Reports continue to come in to state attorneys general involving the successful spear phishing…