Eric Chabrow reports: Privacy advocates in the Senate have unveiled a national data breach notification bill that would allow states to keep their own laws if they provide more stringent reporting and privacy protections than offered by the federal government. The Consumer Privacy Protection Act, introduced April 30, is sponsored by Sen. Patrick Leahy of Vermont…
Category: Of Note
DOJ Issues Data Breach Guidance
Alston & Bird write: On Wednesday, April 29, 2015, the Department of Justice Computer Crime and Intellectual Property Section (CCIPS) Cybersecurity Unit issued new, detailed guidance on data breach incident response best practices. The document was announced at an invitation-only round table hosted by DOJ and provides guidance on what DOJ regards as “best practices for victims and potential…
Phishing attack hits another healthcare system
Partners Healthcare System has become the latest healthcare system to disclose that patient data was compromised by employees falling for phishing attacks: Partners HealthCare System, Inc. and its affiliated institutions and hospitals, including Brigham and Women’s Hospital, Brigham and Women’s Faulkner Hospital, Massachusetts General Hospital,North Shore Medical Center, Partners Continuing Care, and Newton-Wellesley Hospital (“Partners…
And then there were four five (Ascension Health entities breached)
Now that I know what I’m looking for, I’m finding more evidence of targeted email attacks affecting members of Ascension Health. For previous reports on this incident, read here and here. On March 16, Sacred Heart Health System in Florida posted this notice on their site about a breach they reported to HHS as affecting…
Congress to banks: Admit you’ve been hacked!
Jose Pagliery reports: Banks have lost so much consumer information to hackers this year that two members of Congress are asking them to come clean with the extent of the damage. Tuesday morning, 16 financial institutions will receive letters from Sen. Elizabeth Warren and Rep. Elijah E. Cummings asking them to admit that they have…
HHS Settles Charges Against Cornell Prescription Pharmacy Over Disposal of Records
Cornell Prescription Pharmacy (Cornell) has agreed to settle potential violations of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy Rule with the Department of Health and Human Services (HHS), Office for Civil Rights (OCR). Cornell will pay $125,000 and adopt a corrective action plan to correct deficiencies in its HIPAA compliance program….