Update: NorthJersey.com reports that the “Medical Management LLC” involved in this breach is based in North Carolina. One rogue employee at Medical Management LLC is resulting in 40 of the billing company’s clients having to notify patients. Medical Management is handling the notifications (template), but even so, this is not the way hospitals want to be in…
Category: Of Note
Large online dating site AdultFriendFinder confirms data breach (UPDATED)
Mike Snider reports: One of the largest online dating sites, the 64 million-member AdultFriendFinder.com, has contacted law enforcement and high-profile security firm FireEye to investigate a data breach. Information including sexual preference, marital status and other personal data (dates of birth, email addresses and addresses) for as many as 4 million members may have been…
CareFirst BlueCross BlueShield discloses that hack in June 2014 affected 1.1 million members
From CareFirst BlueCross BlueShield: On May 20, 2015, CareFirst BlueCross BlueShield (CareFirst) announced that the company has been the target of a sophisticated cyberattack. The attackers gained limited, unauthorized access to a single CareFirst database. This was discovered as a part of the company’s ongoing Information Technology (IT) security efforts in the wake of…
House OGR questions FTC’s Ramirez about standards for data security
In a hearing yesterday, Rep. Darrell Issa of the House Committee on Oversight and Government Reform questioned FTC Chairwoman Edith Ramirez about standards for data security enforcement. And although I often disagree with Rep. Issa, I do agree that entities need to know what they need to do to have safe harbor from an FTC enforcement…
House Committee on Oversight & Government Reform staff report slams Tiversa, cautions federal agencies about using them (updated with Tiversa’s response)
If you thought former Tiversa employee Rick Wallace’s testimony in FTC v. LabMD was sensational, wait until you read a staff report prepared for Darrell Issa, then-Chairman of the House Committee on Oversight and Government Reform. The 99-page report, prepared in January but embargoed until after Wallace’s testimony, delves into Tiversa’s business practices and problems with the…
Nevada expands definition of PI for purposes of the state’s breach and safeguards laws
Morrison & Foerster LLP write: Nevada’s recently amended law will, among other things, create the first state mandate to encrypt online account credentials. Specifically, on May 13, 2015, Nevada Governor Sandoval approved a bill (“AB 179”) to expand the definition of “personal information” for purposes of the state’s security breach notification and personal information safeguards…