David Silverman writes: [Eric’s intro: this blog post helps distill Judge Koh’s two rulings, In re Anthem Inc. Data Breach Litig., No. 15-MD-02617 (N.D. Cal. Feb. 16, 2016) (“Anthem I”) and In re Anthem Inc. Data Breach Litig., No. 15-MD-02617 (N.D. Cal. May 27, 2016) (“Anthem II”). These are complicated opinions, and I hope this post helps…
Category: Of Note
Hack of former DST business exposes Blue Cross Blue Shield member info
This may turn out to be one of the biggest healthcare sector breaches of the year. Kansas City Business Journals reports: Newkirk Products Inc. reported a security breach of personal information for health insurance ID cards, including those for Blue Cross and Blue Shield of Kansas City. However, Newkirk said in a Friday release, the breach did not…
Data breaches at Advocate Health Care leads to biggest ever settlement
I’ve had a lot of coverage of Advocate Health’s breaches over the past years that you can access here. Here’s is HHS’s announcement of the settlement of their charges: Advocate Health Care Network (Advocate) has agreed to a settlement with the U.S. Department of Health and Human Services, Office for Civil Rights (OCR), for multiple…
Extortion demand on Athens Orthopedic Clinic escalates as patient data is dumped
On June 26, DataBreaches.net reported that several databases with patient information had allegedly been hacked and put up for sale on the dark net by hackers calling themselves TheDarkOverlord (TDO). This site subsequently identified one of the entities as the Athens Orthopedic Clinic in Georgia, and contacted them to alert them that it appeared that…
Massive Cyber Attack at Banner Health Affects 3.7M Individuals
Rajiv Leventhal reports: Phoenix-based Banner Health, one of the largest healthcare systems in the U.S., announced on August 3 that it is notifying approximately 3.7 million individuals about a breach in which cyber attackers gained unauthorized access to computer systems that process payment card data at food and beverage outlets at certain Banner locations. The…
DHS Announces Cyber Incident Reporting Information: US-CERT
The United States Department of Homeland Security (DHS) has released guidelines and points of contact for reporting cyber incidents to the Federal Government. This communication follows the recent release of Presidential Policy Directive 41 (PPD-41)—United States Cyber Incident Coordination—which outlines how the Federal Government will handle cyber incidents. Users and administrators are encouraged to review these documents…