Hot off the presses: there’s been another settlement announced by OCR. This one involves Lahey Hospital and Medical Center (Lahey Clinic Hospital), who have agreed to pay $850,000 and to adopt a robust corrective action plan to correct deficiencies in its HIPAA compliance program. Lahey is a nonprofit teaching hospital affiliated with Tufts Medical School, providing primary…
Category: Of Note
Hilton Worldwide discloses malware-related payment card breach began in November, 2014 (Update2)
From a statement on their site today: Hilton Worldwide (NYSE: HLT) has identified and taken action to eradicate unauthorized malware that targeted payment card information in some point-of-sale systems. Hilton immediately launched an investigation and has further strengthened its systems. Hilton Worldwide worked closely with third-party forensics experts, law enforcement and payment card companies on…
FBI has lead in probe of 1.2 billion stolen Web credentials: documents
Nate Raymond reports: A hacker who once advertised having access to user account information for websites like Facebook and Twitter has been linked through a Russian email address to the theft of a record 1.2 billion Internet credentials, the FBI said in court documents. That hacker, known as “mr.grey,” was identified based on data from a…
OPM OIG Audit Finds Significant Problems Remain
From the Executive Summary of FY 2015 FISMA Results: The significant deficiency related to information security governance has been dropped due to the reorganization of the Office of the Chief Information Officer (OCIO). OPM’s system development life cycle policy is not enforced for all system development projects. OPM does not maintain a…
Dallas County has been exposing tens of thousands of people’s SSN and details for more than a decade – CBS
CBS Dallas isn’t revealing details because, despite their warnings to the county for 6 months and despite assurances from the county that it would address the problem, Dallas County still hasn’t secured the personal information of tens of thousands of North Texans. Personal information, including Social Security Numbers, addresses, dates of birth, and driver’s license numbers have reportedly…
LabMD Sues FTC Complaint Counsel Lawyers Over Data Security Case
C. Ryan Barber reports that one week after the initial decision by Administrative Law Judge D. Michael Chappell in FTC v. LabMD, Michael Daugherty and LabMD filed a civil suit against three FTC attorneys involved in the case. The suit, which names Carl Settlemyer, Alain Sheer and Ruth Yodaiken as defendants, was filed Friday in U.S. District Court for…