If you follow HHS’s public breach tool and investigations closely, two reports from the Office of the Inspector General (OIG) finding lax oversight and insufficient follow-up will come as no surprise. Susan Hall of FierceHealthIT has a good recap: The former report was based on reviews of a statistical sample of privacy cases investigated by OCR between September…
Category: Of Note
Russian Developer of the Notorious Citadel Malware Sentenced to Prison
Dimitry Belorossov, a/k/a Rainerfox, has been sentenced to four years, six months in prison following his guilty plea for conspiring to commit computer fraud. Belorossov distributed and installed Citadel, a sophisticated malware that infected over 11 million computers worldwide, onto victim computers using a variety of infection methods. According to U.S. Attorney Horn, the…
Patreon Hacked: Some User Information Compromised (UPDATE: Data Dumped?)
Brady Dale reports: Another company has been hacked, but this time it’s one that’s working to help creative people support their work and keep the lights on as they do so: Patreon. The company facilitates ongoing, recurring payments to creative people or projects as a way of showing support for what they do. Jack Conte, CEO…
Watchdog: Top Secret Service official wanted information about Chaffetz made public
Shades of J. Edgar and dirty politics! I’m classifying this as a privacy breach and also an infosec breach as these data were supposed to be protected. Carol D. Leonnig and Jerry Markon report: The Secret Service’s assistant director urged that unflattering information the agency had in its files about a congressman critical of the service should be made public,…
Trump International Hotel & Tower Las Vegas notifying customers that malware was present in payment card system for more than one year (UPDATE 1)
Norton Rose Fulbright, a law firm representing The Trump Hotel Collection, is sending out notifications to customers who used a payment card at Trump International Hotel & Tower Las Vegas between May 19, 2014, and June 2, 2015. They write: Although an independent forensic investigation has not conclusively determined that any particular customer’s payment card information was taken…
Does the FTC really assess compliance with consent orders? If so, how well?
Add this analysis and commentary by Chris Hoofnagle to your must-read list. Assessing the Assessments When companies settle FTC charges, they often agree to extended periods of oversight by the Agency. The FTC requires companies to be regularly assessed by an outside firm during the oversight period. In my forthcoming book, I argue that this assessment…