In August 2012, I noted a breach involving the theft of backup media from an unattended vehicle of a Cancer Care Group employee. The backup contained information on 55,000 patients and employees. Now, more than three years later, HHS has announced a settlement with CCG over the breach. As seems to be their style, they…
Category: Of Note
Meanwhile, back at the OPM breach….
Victims of the breach still have not been notified. OPM will start sending postal letters “later this month.” The government will spend $133 million on identity theft protection services. With options, it could go up to $330 million. ID Experts (Identity Theft Guard Solutions LLC) got the gig to provide the service, which will provide…
UCLA Health notifying patients of stolen laptop containing personal health information; third breach report in as many months?
Hard to believe, but UCLA Health is notifying patients of yet another data breach. From a notice issued today: UCLA Health is sending notification letters to 1,242 individuals about the theft of a laptop computer containing patient names, medical record numbers, and health information used to help prepare patient treatment plans. No social security numbers,…
South Korea: KCC introduces ‘strong incentive’ for breach reporting
Oh, this is an intriguing approach. Alice Marini reports: The Korean Communications Commission (KCC) announced, on 21 August 2015, the implementation of a new penalty scheme, which allows companies, that have voluntarily reported a data breach to the KCC, to receive a reduction on the total administrative fine prescribed of up to the 30% (‘the…
Pentagon unveils new rules requiring contractors to disclose data breaches
Aliya Sternstein reports: New sweeping defense contractor rules on hack notifications take effect today, adding to a flurry of Pentagon IT security policies issued in recent years. Just this month, the Office of Management and Budget proposed guidelines to homogenize the way vendors secure data governmentwide. The Defense Department had already released three other policies that dictate how military vendors…
Aviva ‘revenge’ phone hacker jailed for 18 months
BBC reports: A man has been jailed for 18 months for hacking into 900 phones belonging to the insurance company Aviva. Richard Neale, 40, pleaded guilty to carrying out the attack as revenge after falling out with colleagues. He was previously a director at Esselar, a company contracted by Aviva to run its security network….